Fraska Portal

Exploring the WebSphere Commerce world

WebSphere Commerce, understand authorizations, 2nd part


By default, WebSphere Commerce includes more than 200 policies that meet the most common access control needs of the different kinds of business models. To simplify the handling of these policies, Commerce arranges them in groups, called Policy Groups, to which Organizations can subscribe.

[Figure: WebSphere Commerce Policy Groups]

The InfoCenter provides the list of the policy groups.

The default policies are organized into two levels:

  1. Role Based also called Command Level (complete list);
  2. Resource Level (complete list).  

Hence, the Policy Manager checks:

  1. if the user is allowed to execute the Command (command level)
  2. if the user is allowed to access the Resource (resource level)

The resource level check is done only if the command level check is satisfied.

 

Command Level Policies

These policies determine WHO can do WHAT in the current store. They apply to Controller Commands and Views, in particular:

  • Command-level access control for controller commands: whenever you run a controller command, an access control policy must exist that allows the user to perform the Execute action on the command resource. In this case, the ACTION is the execution of the Controller Command and the RESOURCE is the Controller Command Interface.
  • Command-level access control for views: when a view is called directly from the URL, or is the result of a redirect from a command, it must have an access control policy. In this case the ACTION is the View itself.

 

Resource Level Policies

These policies determine WHO can run WHAT command on WHICH resource in the current store. They provide finer-grained rules that discriminate access to a specific resource.
Let's take the following use case as an example:

[Figure: Access Control Policies, Resource Level]

To check whether the logged-in user can execute the "Define Shipping Charges" task, the system uses the available policies and performs the command level and resource level checks in the following way:

[Figure: Policies, resource level check algorithm]

The resources can be classified in the following two categories:

  • Data Resources: business objects that can be manipulated such as an order or a bid;
  • DataBean Resources: contain information about business objects. Data beans are used to display object information on a Web page.
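The two-step check described above (command level first, resource level only if the command level check passes) can be modelled as a default-deny evaluation. This is an added example, not WebSphere Commerce code or its API: the command name `DefineShippingChargesCmd`, the `ShippingCharge` resource type, the user groups and the `owner` relationship are constructed assumptions used only to make the model concrete.

```python
from dataclasses import dataclass
from typing import Optional

EXECUTE = "Execute"  # the ACTION checked at command level

@dataclass(frozen=True)
class Policy:
    user_group: str                     # WHO
    action: str                         # WHAT
    resource: str                       # WHICH: command interface or data resource type
    relationship: Optional[str] = None  # assumption: relation the user must hold to the instance

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset

@dataclass(frozen=True)
class Resource:
    kind: str
    owner: str

def permits(policies, user, action, kind, instance=None):
    """Default deny: True only if some policy matches WHO, WHAT and WHICH."""
    for p in policies:
        if p.user_group in user.groups and p.action == action and p.resource == kind:
            if p.relationship is None:
                return True
            if p.relationship == "owner" and instance is not None and instance.owner == user.name:
                return True
    return False

def authorize(policies, user, command, resources=()):
    """Return (granted, trace); the resource level runs only after the command level passes."""
    if not permits(policies, user, EXECUTE, command):
        return False, ["command-level: denied"]
    trace = ["command-level: granted"]
    for r in resources:
        if not permits(policies, user, command, r.kind, r):
            return False, trace + [f"resource-level: denied on {r.kind}"]
        trace.append(f"resource-level: granted on {r.kind}")
    return True, trace

# Constructed sample data (hypothetical names, not shipped policies)
CMD = "DefineShippingChargesCmd"
POLICIES = [
    Policy("Sellers", EXECUTE, CMD),                                 # command level
    Policy("Sellers", CMD, "ShippingCharge", relationship="owner"),  # resource level
]
seller = User("alice", frozenset({"Sellers"}))
shopper = User("bob", frozenset({"RegisteredCustomers"}))
```

The trace makes the ordering visible: a user who fails the command level check never reaches the resource level, and a user who passes it can still be denied on a resource they have no relationship to.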

 

 
