I am sure you have seen a similar error when trying to give access to commands for different roles.
Do not just override the command and return null from getResources() method that would void any access controls on the order commands associated and could causes security issues, the correct way of fixing such issues, is to figure out the correct PolicyGroup and create custom policies with the corresponding roles. An example would be as below. In this case, you need to give users Buyer(buy-side) role to create\copy orders.
CMN1501E: User does not have the authority to perform action "com.ibm.commerce.order.commands.OrderCopyCmd" on resource "com.ibm.commerce.user.objects._Organization_Stub" for command "AjaxOrderCopy
<Policy Name="CustomUsersFromSameBuyerOrgExecuteOrderCreateCommandsOnOrganizationResource"
OwnerID="RootOrganization"
UserGroup="AllUsers"
ActionGroupName="OrderCreateCommands"
ResourceGroupName="OrderDataResourceGroup"
RelationGroupName="Buyer (buy-side)->BuyerOrganizationalEntity"
PolicyType="groupableStandard">
</Policy>
<Policy Name="CustomUsersFromSameBuyerOrgExecuteOrderCreateReadCommandsOnOrganizationResource"
OwnerID="RootOrganization"
UserGroup="AllUsers"
ActionGroupName="OrderReadCommands"
ResourceGroupName="OrderDataResourceGroup"
RelationGroupName="Buyer (buy-side)->BuyerOrganizationalEntity"
PolicyType="groupableStandard">
</Policy>
<Policy Name="CustomUsersFromSameBuyerOrgExecuteOrderCreateWriteCommandsOnOrganizationResource"
OwnerID="RootOrganization"
UserGroup="AllUsers"
ActionGroupName="OrderWriteCommands"
ResourceGroupName="OrderDataResourceGroup"
RelationGroupName="Buyer (buy-side)->BuyerOrganizationalEntity"
PolicyType="groupableStandard">
</Policy>
<PolicyGroup Name="CommonShoppingPolicyGroup" OwnerID="RootOrganization">
<!-- Define policies in this policy group -->
<PolicyGroupPolicy Name="CustomUsersFromSameBuyerOrgExecuteOrderCreateCommandsOnOrganizationResource" PolicyOwnerID="RootOrganization" />
<PolicyGroupPolicy Name="CustomUsersFromSameBuyerOrgExecuteOrderCreateReadCommandsOnOrganizationResource" PolicyOwnerID="RootOrganization" />
<PolicyGroupPolicy Name="CustomUsersFromSameBuyerOrgExecuteOrderCreateWriteCommandsOnOrganizationResource" PolicyOwnerID="RootOrganization" />
</PolicyGroup>