WebSphere Commerce by default includes more than 200 policies to meet the most common access control needs of the different kinds of business models. To simplify the handling of these policies, Commerce arranges them into groups, called Policy Groups, to which organizations can subscribe.
The InfoCenter lists the policy groups.
The default policies are organized into two levels:
Hence, the Policy Manager checks:
The resource level check is done only if the command level check is satisfied.
Command-level policies determine WHO can do WHAT in the current store. They are used for Controller Commands and Views, in particular:
Resource-level policies determine WHO can execute WHAT command on WHICH resource in the current store. They provide finer-grained rules that discriminate access to a specific resource.
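The two-level evaluation order described above, as an added example: a simplified Python model, not WebSphere Commerce code or its API. The policy names, user groups, the `same_org` relation and the `check_access` helper are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

EXECUTE = "Execute"  # action used by command-level policies in this model

@dataclass(frozen=True)
class Policy:
    user_group: str           # WHO
    action: str               # WHAT
    resource: str             # the command itself, or WHICH resource kind
    same_org: bool = False    # hypothetical relation: user's org must own the resource

@dataclass(frozen=True)
class User:
    groups: frozenset
    org: str

@dataclass(frozen=True)
class Resource:
    kind: str
    owner_org: str

def _granted(policies, user, action, resource, owner_org=None):
    """True if at least one policy matches; no match means deny."""
    return any(
        p.user_group in user.groups
        and (p.action, p.resource) == (action, resource)
        and (not p.same_org or owner_org == user.org)
        for p in policies
    )

def check_access(policies, user, command, resources):
    """Return (allowed, stage) where stage names the check that decided."""
    # Command level: may this user execute the command at all?
    if not _granted(policies, user, EXECUTE, command):
        return False, "command-level"
    # Resource level: reached only once the command-level check is satisfied.
    for r in resources:
        if not _granted(policies, user, command, r.kind, r.owner_org):
            return False, "resource-level"
    return True, "granted"

# Constructed sample policies; all names are hypothetical.
POLICIES = [
    Policy("Sellers", EXECUTE, "UpdateShippingCmd"),
    Policy("Sellers", "UpdateShippingCmd", "ShippingCharge", same_org=True),
    # Resource-level grant with no command-level counterpart: never reached.
    Policy("Buyers", "UpdateShippingCmd", "ShippingCharge"),
]
SELLER = User(frozenset({"Sellers"}), "OrgA")
BUYER = User(frozenset({"Buyers"}), "OrgA")
```

In this model a resource-level grant alone is not enough: the `Buyers` policy never takes effect because that group has no matching command-level policy.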
Let's take the following use case as an example:
To check whether the logged-in user can execute the "Define Shipping Charges" task, the system uses the available policies and performs the command-level and resource-level checks in the following way:
Resources can be classified into the following two categories: