Secure > Authorization > Customize default access control policies > Examples: Customizing access control policies using the Organization Administration Console


Example: Permitting both coupon administrators and Operations Managers to create coupon promotions

By default, coupon administrators for a store can create coupon promotions for their store. In some cases, you might want to grant this authority to Operations Managers as well.

This topic is deprecated and is provided for backward compatibility only.

The flexible design of access control policies offers several methods for implementing this change:

This example illustrates the first approach. It shows you how to add the Operations Manager role to the resource-level policy that authorizes coupon administrators to create coupons.

To make this change, you need to do the following:


Identify the action group and access group for the resource-level policy

  1. Identify the resource-level policy to be changed. The policy is:

    CouponAdministratorsForOrgExecuteCouponPromotionCreateCommands OnStoreEntityResource

  2. From the Organization Administration Console, click Access Management > Policies.

  3. For View, select Root Organization to display the policies it owns.

  4. Locate the policy in the list.

  5. Note the name of the policy's action group--CouponPromotionCreate. This is the action group view to find the name of the command for creating e-coupon promotions.

  6. Note the name of the policy's access group--CouponAdministratorsForOrg. This is the access group update to include the coupon administrator role.


Change the access group

  1. Click Access Management > Access Groups.

  2. From the list of access groups, select CouponAdministratorsForOrg

  3. Click Change to display the Details page.

  4. Click Criteria to display the Criteria page.

  5. From the Role list, select Operations Manager.

  6. Click For Organization to specify that the role must be played with the resource's own organization, or its ancestors.

  7. Click Add.

  8. Click OK.


Identify the commands for creating coupon promotions

  1. Click Access Management > Action Groups.

  2. From the list of action groups, select CouponPromotionCreate.

  3. Click Change to display the Change Action Group page. Note the name of the command for creating e-coupon promotions--com.ibm.commerce.tools.ecoupon.ECouponPromotionSaveCmd. You must add this command to the resource group that contains the list of commands an Operations Manager can execute.


Identify the role-based policy for Operations Managers

  1. Identify the role-based policy for Operations Managers. The policy is: OperationsManagersExecuteOperations ManagersCmdResourceGroup.

  2. Click Access Management > Policies.

  3. For View, select Root Organization to display the site-level policies.

  4. Locate the policy in the list.

  5. Note the name of its resource group--OperationsManagersCmdResourceGroup. This is the name of the resource group update.


Update the resource group in the role-based policy to include the command for creating coupon promotions

  1. Click Access Management > Resource Groups.

  2. Select OperationsManagersCmdResourceGroup.

  3. Click Change to display the Change Resource Group page.

  4. Click Next to display the Details page.

  5. From the Available Resources list, select com.ibm.commerce.tools.ecoupon.ECouponPromotionSaveCmd. This is the command for creating coupon promotions.

  6. Click Add.

  7. Click Finish.


Update the access control policy registry with the changes

  1. Open the Administration Console.

  2. Click Configuration > Registry.

  3. From the list of registries, select Access Control Policies.

  4. Click Update.


+

Search Tips   |   Advanced Search