Examples: Customizing access control policies using the Organization Administration Console

For all of these examples, it is assumed that a Site Administrator is modifying the policies for Root Organization. Once you step through some of the examples, you will be able to follow the same methodology to make changes not specifically covered here.

The examples are organized by business area. Within each business area, the examples are presented in order of increased complexity.

If you are looking for a example that illustrates a particular kind of change, refer to the table below, which cross-references the examples by the type of illustrated customization.

Customization examples organized by type of customization
Customization See the example
Adding a role to a policy's access group
Changing a policy's action group
Changing a policy's resource relationship
Changing a policy to use a different access group
Creating a new access group and using it in a policy
Creating a new action group and using it in a policy
Creating a new resource-level policy
Creating a new role-based policy
Creating a new role and using it in a resource-level policy
Deleting a policy
Removing an action from a policy's action group

Tips for changing default policies

For the above examples, keep the following in mind when you change your default policies:

Note: The access control policy menu is moved to Organization Administration Console. The Organization Administration Console can only perform simple modifications to the access control policy definitions and access group definitions. The more robust solution is to update the data using XML files. The following operations can only be done through XML:

  1. Defining new actions, resources, attributes, relationships, relationship groups.
  2. Defining complex implicit resource groups, and complex implicit access groups.
  3. Assigning a new policy to a policy group.

Feedback