Tuesday, December 4, 2012

Access control for Views

The data load project in V7 makes, it really easy to load the access control changes. This blog explains a sample custom view access policies for guest and registered user and how this can be verified in the database using the query below. Even for guest users to access views, it is required for the view to belong to AllSiteUsersViews policy. If one tries to create a view and  access it, you would get the following error below and -1002 is (generic user). The first time user comes on a site, it would run user as generic user and as soon as it tries to perform any action specific to a user such as add to cart, it is converted to a guest user.

Error without policy:
AccManager isAllowed CMN1501E: User -1002 does not have the authority to perform action "NewView" on resource "com.ibm.commerce.command.HttpForwardViewCommandImpl" for command "null".

view_acpolicies.xml

<!DOCTYPE Policies SYSTEM "../dtd/accesscontrolpolicies.dtd">
<Policies>
<Action Name="GuestView" CommandName="GuestView" />
        <Action Name="RegisteredView" CommandName="RegisteredView" />
   <!-- Guest USERS VIEWS -->
<ActionGroup Name="AllSiteUsersViews" OwnerID="RootOrganization">
<ActionGroupAction Name="GuestView" />
</ActionGroup>

  <!-- REGISTERED USERS VIEWS -->
<ActionGroup Name="RegisteredUserViews" OwnerID="RootOrganization">
<ActionGroupAction Name="RegisteredView" />
  </ActionGroup>

</Policies>
-------------------------------------------------
select * from acpolicy where acactgrp_id in (select acactgrp_id
from acactactgp where acaction_id
in (select ACACTION_ID from ACACTION where ACTION = 'GuestView'))

4 comments:

  1. Hi Raj,
    If I want to create access control policy for a task command in such a way that only "Site Administrator" should be able to access the Task command. Could you please explain how to achieve this.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. You need not create an access control policy for Task Command as the TC is called inside a control command for which an access control policy will already be created.

    ReplyDelete
  4. The finger print based access control software in India is made for all kinds of organizations as this tamper proof fingerprint door lock device reduces the managerial cost involved with the usual ID card or swipe cards. access control system installation

    ReplyDelete