Access Control Policies


  An Access Control Policies authorizes a group of users to perform a set of actions on a set of resources.

An access control policy has 4 elements, they are:
  1. User.
  2. Action.
  3. Resource.
  4. Relationship.
User:  The Users are the people that use the system. For access control purposes, users must be grouped into relevant access groups. 

Action: Actions are the activities that users can perform on the resource.

Resource: Resources are the entities that are protected. A resource group might include business objects like contract or order, or a set of related commands.

Relationship: Relationships are the relationship between the user and the resource. Access control policies may require that a relationship between the user and the resource be satisfied. Each resource class can have a set of relationships associated with it. Each resource can have a set of users that fulfill each relationship.


There are 2 types of access control policies, they are:

  1. Groupable standard policies(policy type-2).
  2. Groupable template policies(policy type-3).

     A Groupable standard policy is applied, once, at organizations that subscribe to a policy group that contains the policy.

     A Groupable template policies are dynamic in nature in that they have an access group that is scoped, when the system is running, to the organization that owns the resource.


The table updated in access control poliies are:

  1. ACACTION: Stores actions that are to be performed on the resources in the system.
  2. ACPOLICY: Stores all the access control policies in a system.
  3. ACRESGRP: Stores all access control resource groups in a system.
  4. ACPOLDESC: Stores local specific information for ACPOLICY.
  5. ACRELATION: Relation between resources and members in system.
  6. ACRESREL: Associates a resource and relationships that it supports.


        WebSphere Commerce allows you to determine, through access control, which tasks a particular user, be they customers, buyers, administrators, distributors, manufacturers, or suppliers, can perform in relation to your business.

To facilitate database management and ensure security, access to WebSphere Commerce must be restricted to specific individuals and organizations. The process of restricting access is referred to as access control or authorization. Authorization can be defined as security guidelines that:

Allow or deny a user of a system access to the resources managed by a system.
Specify what actions the user can perform on each resource.

The authorization model for WebSphere Commerce is based upon the enforcement of access control policies. Access control policies are enforced by the access control Policy Manager. In general, when a user attempts to access a protected resource, the access control policy manager first determines what access control policies are applicable for that user and then, based upon the applicable access control policies, it determines if the user is allowed to perform the requested operation on the given resource.

Comments

anil said…
If i want to create access control policies for a task command in such a way it should be accessible only for Site administrator. How can it be done?.Please answer...
January 16, 2014 at 3:27 AM
Post a Comment

Popular posts from this blog

Dataload Utility In WCS

Data can be loaded into WCS tables using data load utility.   WCS Data Load utility performs the following functions in a single operation: 1.              Reads the data from the input source file. 2.              Transforms the source data to WebSphere Commerce business objects. 3.              Allocates and resolves WebSphere Commerce business objects to physical data. 4.              Loads the physical data into the database. There are three configurations files and a input source file required to complete the data loader setup. WCS supports only CSV File Reader for other input source you have to write your own Reader Class. This means that if you are using OOB CSVReader then your input file must be a CSV file. The three config...
Read more

WebSphere Commerce

Image
1. Explain WCS Archetecture WebSphere Commerce functional architecture Descriptions: Controller layer The conductor of operations for a request. It controls the transaction scope and manages the session related information for the request. The controller first dispatches to a command and then calls the appropriate view processing logic to render the response. Presentation layer The presentation layer displays the result of command execution. The presentation layer can use JSP pages, or other rendering technologies. Business Context Service (BCS) A service that manages contextual information used by business components. The contexts include such information as globalization and entitlement. Business logic facade This generic interface is implemented as a stateless session bean which the controller calls to invoke controller commands. Controller commands A controller command business process logic such as...
Read more

10 Steps to Configure Email – Websphere Commerce Server

10 Steps to Configure Email – Websphere Commerce Server Websphere Commerce Server – Configure Email Follow 10 steps for configuring email in Websphere Commerce Server Step 1: Create a JSP ( eg:- AbcEmailNotify.jsp) Create a JSP, lets name it AbcEmailNotify.jsp AbcEmailNotify.jsp will be used for displaying contents of email to recipient. Note: Currently keep AbcEmailNotify.jsp as blank (without any code) Step 2: Create View ( eg- AbcEmailNotifyView) Make an Entry in Struts-Config.xml file for AbcEmailNotify.jsp as below < action path=’/AbcEmailNotifyView’ type=’com.ibm.commerce.struts.BaseAction’> < set-property property =’authenticate’ value =’10101:1′/> < set-property property =’https’ value =’10101:1′/> < /action> < forward name=”AbcEmailNotifyView /10101/-3″ path=”/< location of JSP file >/AbcEmailNotify.jsp” className=”com.ibm.commerce.struts.ECActionForward”> < set-property property=”implClassName” value=”com.i...
Read more