Sunday, October 23, 2011

Order history read access for users from the same organization


This post gives read-only access to order history databeans to users who belong to the same organization and hold the Organization Participant role. The XML policies below are taken from the reference links at the end of this post, but those had an issue with the Buyer (buy-side) role name, which is fixed here.
The Buyer (buy-side) role needs to be defined on the organization using the Org Admin Console.
If there is a hierarchy of organizations and the bottom organization is the parent organization for the users, all roles have to be defined on the organizations from the top down.
Add the XML fragments below to resource_acpolicies.xml and run ACPLoad.
Add a new policy to allow participants to display the order beans for others in the organization:
Relation group: this defines the relation from the role, in this case Buyer (buy-side), to BuyingOrganizationalEntity.

    <RelationGroup Name="Buyer (buy-side)->BuyerOrganizationalEntity" OwnerID="RootOrganization">
        <RelationCondition><![CDATA[
        <profile>
            <openCondition name="RELATIONSHIP_CHAIN">
                <parameter name="ROLE" value="Buyer (buy-side)"/>
                <parameter name="RELATIONSHIP" value="BuyingOrganizationalEntity"/>
            </openCondition>
        </profile>
        ]]></RelationCondition>
    </RelationGroup>
   

Create the new policies, applying the relation group created above (RelationGroupName) to the resource group OrderDatabeanResourceGroup and the action group DisplayDatabeanActionGroup:

    <Policy Name="ParticipantsOfOrgDisplayOrderDatabeanResourceGroup"
            OwnerID="RootOrganization"
            UserGroup="AllUsers"
            ActionGroupName="DisplayDatabeanActionGroup"
            ResourceGroupName="OrderDatabeanResourceGroup"
            RelationGroupName="ParticipantOf->BuyerOrganizationalEntity"
            PolicyType="groupableStandard">
    </Policy>
    <Policy Name="BuyersOfOrgDisplayOrderDatabeanResourceGroup"
            OwnerID="RootOrganization"
            UserGroup="AllUsers"
            ActionGroupName="DisplayDatabeanActionGroup"
            ResourceGroupName="OrderDatabeanResourceGroup"
            RelationGroupName="Buyer (buy-side)->BuyerOrganizationalEntity"
            PolicyType="groupableStandard">
    </Policy>
     

Subscribe organizations to the new access control policies:

    <PolicyGroup Name="B2BPolicyGroup" OwnerID="RootOrganization">
        <PolicyGroupPolicy Name="ParticipantsOfOrgDisplayOrderDatabeanResourceGroup"
                PolicyOwnerID="RootOrganization" />
        <PolicyGroupPolicy Name="BuyersOfOrgDisplayOrderDatabeanResourceGroup"
                PolicyOwnerID="RootOrganization" />
    </PolicyGroup>


Once ACPLoad has been run, you can validate that the policies were loaded using SQL queries:

    select * from acpolicy where policyname = 'BuyersOfOrgDisplayOrderDatabeanResourceGroup';
    select * from acpolicy where policyname = 'ParticipantsOfOrgDisplayOrderDatabeanResourceGroup';
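A consistency check that can be run on the fragments before ACPLoad, as an added example that is not part of the original post or of WebSphere Commerce. It lists the role each relation group requires (to compare against the roles defined on the organizations), the relation groups a policy references without defining them here, and policy group subscriptions that name no policy. The `<Policies>` wrapper root and the function name `review` are assumptions, as is the expectation that a relation group not defined in the fragment already exists in the loaded policies.

```python
import xml.etree.ElementTree as ET

# Constructed input: the fragments from this post, trimmed and wrapped in a
# hypothetical <Policies> root so they parse as one document.
FRAGMENT = """<Policies>
<RelationGroup Name="Buyer (buy-side)->BuyerOrganizationalEntity" OwnerID="RootOrganization">
  <RelationCondition><![CDATA[
    <profile><openCondition name="RELATIONSHIP_CHAIN">
      <parameter name="ROLE" value="Buyer (buy-side)"/>
      <parameter name="RELATIONSHIP" value="BuyingOrganizationalEntity"/>
    </openCondition></profile>
  ]]></RelationCondition>
</RelationGroup>
<Policy Name="ParticipantsOfOrgDisplayOrderDatabeanResourceGroup"
        RelationGroupName="ParticipantOf->BuyerOrganizationalEntity"/>
<Policy Name="BuyersOfOrgDisplayOrderDatabeanResourceGroup"
        RelationGroupName="Buyer (buy-side)->BuyerOrganizationalEntity"/>
<PolicyGroup Name="B2BPolicyGroup" OwnerID="RootOrganization">
  <PolicyGroupPolicy Name="ParticipantsOfOrgDisplayOrderDatabeanResourceGroup"/>
  <PolicyGroupPolicy Name="BuyersOfOrgDisplayOrderDatabeanResourceGroup"/>
</PolicyGroup>
</Policies>"""


def review(xml_text):
    """Cross-check relation groups, policies and policy group subscriptions."""
    root = ET.fromstring(xml_text)
    roles, defined = {}, set()
    for group in root.iter("RelationGroup"):
        defined.add(group.get("Name"))
        # The condition is CDATA, so it is an XML document inside a text node.
        profile = ET.fromstring(group.findtext("RelationCondition").strip())
        params = {p.get("name"): p.get("value") for p in profile.iter("parameter")}
        roles[group.get("Name")] = (params.get("ROLE"), params.get("RELATIONSHIP"))
    policies = {p.get("Name"): p.get("RelationGroupName") for p in root.iter("Policy")}
    return {
        "roles_required": roles,
        "external_relation_groups": sorted(set(policies.values()) - defined - {None}),
        "dangling_subscriptions": sorted(
            ref.get("Name") for ref in root.iter("PolicyGroupPolicy")
            if ref.get("Name") not in policies),
    }


if __name__ == "__main__":
    for key, value in review(FRAGMENT).items():
        print(key, value)
```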

References:
http://www.ibm.com/developerworks/websphere/library/techarticles/0908_callaghan/0908_callaghan1.html
http://www.ibm.com/developerworks/websphere/library/techarticles/0805_callaghan/0805_callaghan.html
