|
Home > Archive > WebSphere Commerce suite > May 2005 > Accesscontrol
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Andreas Holmberg 2004-11-15, 2:47 am |
| Hi,
I have serious problems understanding the accesscontrol model in WCS 5.6. I
really don't want to use any accesscontrol for my shoppers. I just want them
to be able to do everything in the store.I use the Business to Consumer
model. I have my store in the "B2C organization" and my users in the default
organization.
I have added my new views to "AllSiteUsersViews" action group. And then I
added my commands as "ResourceCategories" and added them to
"AllSiteUserCmdResourceGroup". This works fine for my Views.
The problem:
I added a new URL in URLREG that points to a controllercommand that is in
the "AllSiteUserCmdResourceGroup", but this doesn't work! Why? Do I need to
do something special with URL commands?
I get the following error:
[2004-11-15 09:10:19:531 CET] 330d6032 CommerceSrvr E AccManager isAllowed
CMN1501E: User 10002 does not have the authority to perform action "Execute"
on resource "<myCmdImpl>" for command "<myURL>".
[2004-11-15 09:10:19:531 CET] 330d6032 CommerceSrvr E <myCmdImpl>Impl
accessControlCheck The user does not have the authority to run this command
"<myURL>".
Thanks,
Andreas Holmberg
| |
| Robert Brown 2004-11-15, 8:47 pm |
| I'd recommend you look at Section 13.7.7 of the Redbook SG246969. It
explains the execute actions that you must provide for your controller
commands in the AC* tables. You can refer to the Access Control Guides
(v5.4 = accesscontrolguide.pdf, v5.5 = WC55SecurityGuide.pdf) or the WC
v5.6 Information Center for more information on the difference between
role-based and resource-level access policies.
R
Andreas Holmberg wrote:
> Hi,
>
> I have serious problems understanding the accesscontrol model in WCS 5.6. I
> really don't want to use any accesscontrol for my shoppers. I just want them
> to be able to do everything in the store.I use the Business to Consumer
> model. I have my store in the "B2C organization" and my users in the default
> organization.
>
> I have added my new views to "AllSiteUsersViews" action group. And then I
> added my commands as "ResourceCategories" and added them to
> "AllSiteUserCmdResourceGroup". This works fine for my Views.
>
> The problem:
> I added a new URL in URLREG that points to a controllercommand that is in
> the "AllSiteUserCmdResourceGroup", but this doesn't work! Why? Do I need to
> do something special with URL commands?
>
> I get the following error:
> [2004-11-15 09:10:19:531 CET] 330d6032 CommerceSrvr E AccManager isAllowed
> CMN1501E: User 10002 does not have the authority to perform action "Execute"
> on resource "<myCmdImpl>" for command "<myURL>".
> [2004-11-15 09:10:19:531 CET] 330d6032 CommerceSrvr E <myCmdImpl>Impl
> accessControlCheck The user does not have the authority to run this command
> "<myURL>".
>
>
> Thanks,
> Andreas Holmberg
>
>
>
>
>
| |
| ajit_pandey 2005-04-01, 7:49 am |
| Take an Access policy which is working e.g. AllUsersExecuteAllSiteCmdResourceGrp and add your command in the resource AllSiteCmdResourceGrp,it should work.
Ajit,
p.s. Restart the server or refresh the access policy registry to make your changes effective
| |
|
| Hi All,
I do have the similar kind of problem but the context is different.
I am working with AdvancedB2BDirect store. There are some JSPs which are registered in ViewReg table which are working fine. I created a new JSP and registered the same in ViewReg table using com.ibm.commerce.command.HTTPForward**Impl class. The WebSphere
Commerce was able to find the View name in ViewReg table. But gave me an error that User is not authorized to access the resource. Do I need to do anything special. The user had 'ProcurementBuyerAdministrator' role. Please let me know for more informatio
n required, if any. Please help me. Thanks in advance.
| |
| Robert Brown 2005-05-15, 8:36 am |
| > Hi All,
>
> I do have the similar kind of problem but the context is different.
>
> I am working with AdvancedB2BDirect store. There are some JSPs which are registered in ViewReg table which are working fine. I created a new JSP and registered the same in ViewReg table using com.ibm.commerce.command.HTTPForward**Impl class. The WebSphe
re Commerce was able to find the View name in ViewReg table. But gave me an error that User is not authorized to access the resource. Do I need to do anything special. The user had 'ProcurementBuyerAdministrator' role. Please let me know for more informat
ion required, if any. Please help me. Thanks in advance.
You should load the access control policies according to the tutorial
(see section 'Creating and loading access control policies for
MyNewView') referenced here:
http://publib.boulder.ibm.com/infoc...orial/ttd12.htm
Change the name of MyNewView to be your view name and change the name of
the action group AllSiteUsersViews to your starter store's action group
(either AdvancedB2BDirectRegisteredUsersViews or
AdvancedB2BDirectAllUsersViews) and load with the acpload utility.
Those action groups are visible in the ACACTGRP table. If you want to
restrict your view to just Procurement Buyer Administrators with that
role then you have more to do than what I've described.
All this assumes v5.6 although this should work going back to v5.1.
R
|
|
|
|
|