Secure > Authorization > Customize default access control policies > Examples: Customizing access control policies using the Organization Administration Console


Example: Allow procurement buyer administrators to submit the procurement shopping cart for orders created by their organization

By default, procurement shopping cart managers can save or submit procurement shopping carts if they have created the order. In some cases, you might want to divide the responsibility for these tasks. You could allow procurement shopping cart managers to save procurement shopping carts containing orders they have created but give procurement buyer administrators in the same organization as the order creator the authority to submit the procurement shopping cart. This might be beneficial if you want the procurement buyer administrator to review planned purchases before they are submitted.

To make this change, do the following:


Identify the resource-level policy's action group and resource group

  1. Find the resource-level policy that authorizes procurement shopping cart managers to manage procurement shopping carts for orders. The policy is:

    ProcurementShoppingCartManagersExecuteProcurement ShoppingCartManageOnOrderResource

  2. From the Organization Administration Console, click Access Management > Policies.

  3. Locate the policy in the list of policies.

  4. Note the name of its action group -- ProcurementShoppingCartManage. You will update this action group to remove the action for submitting procurement shopping carts.

  5. Note the name of its resource group -- OrderDataResourceGroup. You will use this resource group to define the new resource-level policy .


Update the resource-level policy's action group

  1. Click Access Management > Action Groups.

  2. From the list of action groups, select ProcurementShoppingCartManage.

  3. Click Change to display the Change Action Group page.

  4. From the Selected Actions list, select com.ibm.commerce.me.commands.SubmitShoppingCartCmd. You will create a new action group with this action and use the action group in the new resource-level policy.

  5. Click Remove.

  6. Click OK.


Define a new action group

  1. Click Access Management > Action Groups.

  2. Click New to display the New Action Group page.

  3. For Name, specify ProcurementShoppingCartSubmit.

  4. For Display Name, specify a short description of the action group in your local language.

  5. For Description, specify a longer description of what the action group does, in the local language.

  6. From the Available Actions list, select com.ibm.commerce.me.commands.SubmitShoppingCartCmd.

  7. Click Add.

  8. Click OK.


Define the new policy

  1. Click Access Management > Policies.

  2. For View, click Root Organization to display the policies it owns.

  3. Click New to display the New Policy page.

  4. For Name, specify:

    ProcurementBuyerAdministratorsExecuteProcurementShoppingCartSubmitCommands OnOrderResource

  5. For Display Name, specify a short description of the policy in the local language.

  6. For Description, specify a longer description of what the policy does, in the local language.

  7. For User Group, click Find and select ProcurementBuyerAdministrators.

  8. Click OK.

  9. For Resource Group, select OrderDataResourceGroup.

  10. For Action Group, select ProcurementShoppingCartSubmit.

  11. For Relationship, select sameOrganizationalEntityAsCreator.

  12. For Policy Type, select Groupable Template Policy to designate the policy as a template policy.

  13. Click OK.


Update the access control policy registry with the change

  1. Open the Administration Console.

  2. Click Configuration > Registry.

  3. From the list of registries, select Access Control Policies.

  4. Click Update.

    Note: After creating the new policy, it has to be assigned to a policy group before it is effective. This is done using XML. See Define access control policy elements using XML for more information.


+

Search Tips   |   Advanced Search