defaultAccessControlPolicies.xml is a language-independent XML file that populates the access control database tables with information. You may want to access this file to find out specific information, such as attributes, actions, relationships, resource categories, action groups, resource groups, policy groups, policies, and policy group subscription.
The types of information and database tables populated by defaultAccessControlPolicies.xml include the following:
Database Table | Type of Information | Code Sample |
---|---|---|
ACPOLGRP | Stores all of the access control policy groups in the system. | <PolicyGroup Name="CommonShoppingPolicyGroup" OwnerID="RootOrganization"> </PolicyGroup> |
ACPOLGPPOL |
Includes policies into a policy group. | <PolicyGroupPolicy Name="SiteAdministratorsCanDoEverything" PolicyOwnerId="RootOrganization" /> |
ACPLGPSUBS |
Allows organizational entities to subscribe to the specified policy group. | <PolicyGroupSubscription OrganizationID="RootOrganization"/> |
ACRELGRP |
Stores all of the relationship groups in the system. | <RelationGroup Name="MemberOf->BuyerOrganizationalEntity" OwnerID="RootOrganization"> <RelationCondition><![CDATA[ <profile> <openCondition name="RELATIONSHIP_CHAIN"> <parameter name="HIERARCHY" value="child"/> <parameter name="RELATIONSHIP" value="BuyingOrganizationalEntity"/> </openCondition> </profile> ]]></RelationCondition> </RelationGroup> |
ACACTACTGP | Stores the association between actions and action groups. | <ActionGroupAction Name="AllCommands"/> |
ACACTGRP | Stores the action groups. | <ActionGroup Name="DoEverything" OwnerID="RootOrganization"/> |
ACACTION | Master list of all the actions in the system. | <Action Name="AllCommands" CommandName="*"/> |
ACATTR | Master list of the attributes that various resources can be grouped on. These attributes can be used to form implicit resource groups. | <Attribute Name="Status" Type="String"> </Attribute> |
ACPOLICY | Stores all the access control policies in the system | <Policy Name="SiteAdministratorsCanDoEverything" OwnerID="RootOrganization" UserGroup="SiteAdministrators" ActionGroupName="DoEverything" ResourceGroupName="AllResourceGroup" PolicyType="groupableStandard"> </Policy> |
ACRELATION | This is a master list of all the relationships that exist in the system. | <Relation Name="owner"/> |
ACRESACT | Stores the actions that can be performed on a resource category. This is used only by the Tools, and not for policy evaluation. | <ResourceAction Name="DisplayDatabean"/> |
ACRESATREL | Stores the attributes of a resource category, upon which the resource category can be grouped. This is used only by the Organization Administration Console tool, and not for policy evaluation. | <ResourceAttributes Name="Status" AttributeTableName="ORDERS" AttributeColumnName="STATUS" ResourceKeyColumnName="ORDERS_ID"/> |
ACRESCGRY | Stores all the resource categories in the system and the metadata information about them. | <ResourceCategory Name="com.ibm.commerce.catalog.commands. ProductDisplayCmdResourceCategory" ResourceBeanClass="com.ibm.commerce.catalog. commands.ProductDisplayCmd"> </ResourceCategory> |
ACRESGPRES | Explicitly includes resource categories into resource groups, based on the resource category classname. | <ResourceGroupResource Name="Object" /> |
ACRESGRP | This is a master list of all the resource groups in the system | <ResourceGroup Name="AllResourceGroup" OwnerID="RootOrganization"> </ResourceGroup> |
ACRESPRIM | Stores the primary resource column names for a resource. | <ResourcePrimaryColumns PrimaryResourceKeyColumn="users_id"/> |
ACRESREL | Stores the relationships that are supported by a resource category. This is used only by the Organization Administration Console tool, and not for policy evaluation. | <ResourceRelation Name="owner" RelationTable="users" RelationKeyColumn="users_id" RelationMemberColumn="users_id"/> |
Note: It is recommended that you do not modify any of the bootstrap files. If modified, an instance may not be created successfully and this could result in a major support issue. If changes are needed to the bootstrap access control policy information, after instance creation, it is best to copy the bootstrap file, modify it as needed, and then load the new access control policy definition file.