By default, all users are permitted to create orders for products, regardless of their position in their organization. In some cases, you may want to limit the ability to create orders to a restricted group of users, such as the employees of the buying organization. Typically, these employees are assigned the Buyer (buy-side) role for the buying organization.
To limit order creation to users with the Buyer role, you need to do the following:
- Determine the resource-level policy that specifies who can create an order.
- Change the policy's access group from all users to those with the Buyer role.
- Update the policy's name, display name, and description.
- Identify the command for creating orders.
- Determine the role-based policy for Buyer (buy-side). This policy defines the commands that users with the Buyer (buy-side) role can execute. You must update this policy's resource group to permit buyers to execute the command for creating orders.
- Update this role-based policy's resource group to include the commands for creating orders.
Identify the resource-level policy
- Determine the resource-level policy to be changed. The policy is: AllUsersExecuteOrderCreateCommandsOnStoreResource.
- From the Organization Administration Console, click Access Management > Policies.
- For View, select Root Organization to display the policies that it owns.
- From the list of policies, select AllUsersExecuteOrderCreateCommandsOnStoreResource. Note the name of the policy's action group--OrderCreateCommands. This is the action group you need to view to find the names of the commands for creating an order.
Change the access group
- Click Change to display the Change Policy page.
- For User Group, click Find and select Buyers (buy-side).
- Click OK.
- Update the policy's name, display name, and description to reflect the change of access group.
- Click OK.
Identify the command for creating orders
- Click Access Management > Action Groups.
- From the list of action groups, select OrderCreateCommands .
- Click Change to display the Change Action Group page. Note the names of the commands for creating orders:
com.ibm.commerce.order.commands.OrderCopyCmd com.ibm.commerce.order.commands.OrderScheduleCmd com.ibm.commerce.orderitems.commands.OrderItemMoveCmd com.ibm.commerce.orderitems.commands.OrderItemUpdateCmd com.ibm.commerce.requisitionlist.commands.RequisitionListSubmitCmd com.ibm.commerce.orderitems.commands.OrderItemAddCmd com.ibm.commerce.orderquotation.commands.OrderQuotationCreateCmd
You must add these commands to the resource group that contains the list of commands a buyer can execute.
Identify the role-based policy for buyers (buy-side)
- Determine the role-based policy for buyers (buy-side). The policy is: Buyers(buy-side)ExecuteBuyers(buy-side)CommandsResourceGroup.
- Click Access Management > Policies.
- For View, select Root Organization to display the site-level policies.
- Locate the policy in the list.
- Note the name of the resource group--Buyers(buy-side)CommandsResourceGroup. This is the resource group you need to update.
Update the resource group in the role-based policy to include the commands for creating orders
- Click Access Management > Resource Groups.
- From the list of resource groups, select Buyers(buy-side)CommandsResourceGroup.
- Click Change to display the Change Resource Group page.
- Click Next to display the Details page.
- From the Available Resources list, select the following commands for creating orders:
com.ibm.commerce.order.commands.OrderCopyCmd com.ibm.commerce.order.commands.OrderScheduleCmd com.ibm.commerce.orderitems.commands.OrderItemMoveCmd com.ibm.commerce.orderitems.commands.OrderItemUpdateCmd com.ibm.commerce.requisitionlist.commands.RequisitionListSubmitCmd com.ibm.commerce.orderitems.commands.OrderItemAddCmd com.ibm.commerce.orderquotation.commands.OrderQuotationCreateCmd
- Click Add.
- Click Finish.
Update the access control policy registry with your changes
- Open the Administration Console.
- Click Configuration > Registry.
- From the list of registries, select Access Control Policies.
- Click Update.