Tuesday, December 4, 2012

Access control for Views

The data load project in V7 makes it really easy to load access control changes. This post walks through sample custom view access policies for guest and registered users and shows how to verify them in the database using the query below. Even for guest users, a view must belong to the AllSiteUsersViews policy before it can be accessed. If you create a view and try to access it without that, you get the error below; user -1002 in the message is the generic user. The first time a user comes to a site, the session runs as the generic user, and as soon as the user performs a user-specific action such as add to cart, it is converted to a guest user.

Error without policy:
AccManager isAllowed CMN1501E: User -1002 does not have the authority to perform action "NewView" on resource "com.ibm.commerce.command.HttpForwardViewCommandImpl" for command "null".

view_acpolicies.xml

<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
    <Action Name="GuestView" CommandName="GuestView" />
    <Action Name="RegisteredView" CommandName="RegisteredView" />

    <!-- Guest USERS VIEWS -->
    <ActionGroup Name="AllSiteUsersViews" OwnerID="RootOrganization">
        <ActionGroupAction Name="GuestView" />
    </ActionGroup>

    <!-- REGISTERED USERS VIEWS -->
    <ActionGroup Name="RegisteredUserViews" OwnerID="RootOrganization">
        <ActionGroupAction Name="RegisteredView" />
    </ActionGroup>

</Policies>
-------------------------------------------------
select * from acpolicy
where acactgrp_id in (
    select acactgrp_id from acactactgp
    where acaction_id in (
        select acaction_id from acaction where action = 'GuestView'));
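
As an added example (not code from the original post or from IBM), the Python sketch below audits a policy file shaped like view_acpolicies.xml before it is loaded: it lists the views that AllSiteUsersViews opens to every visitor and flags actions that were left out of any action group. The sample input is constructed, OrphanView and MissingView are hypothetical names, and the check only sees this one file, so an action defined in another policy file would show up as undefined here.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's view_acpolicies.xml plus two hypothetical
# mistakes, an ungrouped action (OrphanView) and a dangling reference (MissingView).
SAMPLE = """<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
  <Action Name="GuestView" CommandName="GuestView" />
  <Action Name="RegisteredView" CommandName="RegisteredView" />
  <Action Name="OrphanView" CommandName="OrphanView" />
  <ActionGroup Name="AllSiteUsersViews" OwnerID="RootOrganization">
    <ActionGroupAction Name="GuestView" />
  </ActionGroup>
  <ActionGroup Name="RegisteredUserViews" OwnerID="RootOrganization">
    <ActionGroupAction Name="RegisteredView" />
    <ActionGroupAction Name="MissingView" />
  </ActionGroup>
</Policies>"""


def audit_view_policies(xml_text):
    """Map each action group to its views and flag mismatches in one file."""
    root = ET.fromstring(xml_text)  # the external DTD is not fetched
    defined = {a.get("Name") for a in root.findall("Action")}
    groups = {
        g.get("Name"): [m.get("Name") for m in g.findall("ActionGroupAction")]
        for g in root.findall("ActionGroup")
    }
    grouped = {name for members in groups.values() for name in members}
    return {
        "groups": groups,
        # Views reachable by anyone, including the generic user (-1002).
        "guest_reachable": sorted(groups.get("AllSiteUsersViews", [])),
        # Defined but in no group: expect the CMN1501E denial shown above.
        "ungrouped": sorted(defined - grouped),
        # Referenced by a group but not defined in this file.
        "undefined": sorted(grouped - defined),
    }


if __name__ == "__main__":
    report = audit_view_policies(SAMPLE)
    for key in ("guest_reachable", "ungrouped", "undefined"):
        print(f"{key}: {report[key]}")
```

Reviewing the guest_reachable list before each load is a quick way to confirm that a view meant only for registered users was not placed in AllSiteUsersViews by mistake.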