9 Replies Latest reply: Feb 19, 2013 3:40 PM by Nooruddin Shaik RSS

    how to define ACL rule in ATG BCC

    Prateek G
      Hi,

      I have customized the ATG BCC 9.1 to add a new tab in left navigation menu of bcc home page; now I want to define some security access rules for particular users in this new added tab ( like the tab will disabled or enabled).

      I have read the "Configuring Access Rights for Assets" doc but I don't understand how to implement it in my case.

      Please help regarding this.
        • 1. Re: how to define ACL rule in ATG BCC
          Rajeev_R
          You need to configure the access controls using Generic Activities. There is an XML file called publishingActivities.xml file in CONFIGPATH. Check the existing file in ATG under Publishing\base\config\atg\bizui\activity folder. This will give you some idea. ATG is using different file names and folder structure in different modules, but if you refer this file you will be able to configure access rights for your custom tab.

          Cheers
          R

          Edited by: Rajeev_R on Feb 14, 2013 3:13 AM
          • 2. Re: how to define ACL rule in ATG BCC
            Prateek G
            Hi Rajeev,

            I have just tried to verify what the acl role is doing in the xml(like PublishingActivities.xml) file of my cutomized tab as below-

            <acl>deny{Profile$role$epubAdmin:List};deny{Profile$role$epubSuperAdmin:List}</acl>

            but it not affecting any change in the tab and I am able to see/access all asstes in BCC home page.

            Please correct me if I am doing wrong and suggest me some steps to do that.

            Thanks.
            • 3. Re: how to define ACL rule in ATG BCC
              Rajeev_R
              What are the other values you have given?
              Can you edit the workflow activities XML file and give your ACL like below, if your custom tab is based on a workflow.

              <workflow-activities>
              <activity>
              <id>merchandising.manageCommerceAssets</id>
              <workflow-name>/Common/commonWorkflow.wdl</workflow-name>
              <acl>Profile$role$epubAdmin:read;Profile$role$epubSuperAdmin:read;Profile$role$epubManager:read;Profile$role$epubUser:read</acl>
              </activity>
              </workflow-activities>

              Refer /atg/commerce/web/CommerceActivitySource from dyn/admin for details.

              Cheers
              R
              • 4. Re: how to define ACL rule in ATG BCC
                Prateek G
                Hey Rajeev,

                I have tried in genericActivities.xml file with below line-
                <acl>Profile$role$epubSuperAdmin:deny</acl> and now it's working.
                My customized tab is not showing there now.

                Now can you please tell me how can I customized this acl role for a particular user of bcc?

                Thanks for your helpful replies!
                • 5. Re: how to define ACL rule in ATG BCC
                  Rajeev_R
                  You need to create a particular role say 'customBCCRole' and define your ACL on this role. You need to assign this role to the users whom you want to restrict the access.


                  +<acl>Profile$role$customBCCRole:deny</acl>+

                  You can also pass the userId here like below

                  Admin$user$admin:list,read,write;



                  Cheers,
                  R
                  • 6. Re: how to define ACL rule in ATG BCC
                    Prateek G
                    I have followed the steps as you mentioned and made a new user-prateek and assigned my custome role.
                    But problem is the tab is disappeared for every user.

                    I think the problem is when I am creating the user in bcc it asks for Parent Organization under Orgs & Roles tab;
                    when I select the parent organization, it shows only 'Root' and all other user I have , had the same parent organization.
                    That is why the tab is disappeared for every user(I am guessing).

                    Can you tell me how to solve this problem so that I am able to use my custom roles for A PARTICULAR USER.

                    THANKS.
                    • 7. Re: how to define ACL rule in ATG BCC
                      Rajeev_R
                      Could you pl share the full XML snippet you have created. I dont think having a common Organization makes any problems. Also did you remove that entry to deny access to SuperAdmin from your XML?

                      Cheers
                      R
                      • 8. Re: how to define ACL rule in ATG BCC
                        Prateek G
                        below is my xml snippet-
                        <?xml version="1.0" encoding="UTF-8" standalone="no"?>
                        <generic-activities>
                        <activity>
                        <id>MassCoupon</id>
                        <resource-bundle>atg.bizui.activity.MassCouponActivityResource</resource-bundle>
                        <display-name-resource>massCoupon.displayName</display-name-resource>
                        <description-resource>massCoupon.description</description-resource>
                        <destination-page>
                        <url>/eCAASBCCCA/eCaasMassCoupon/home.jsp</url>
                        <acl>Profile$role$epubSuperAdmin:read;Profile$role$MyCustomRole:deny;</acl>
                        </destination-page>
                        </activity>
                        </generic-activities>

                        Previuosly I have given deny to epubsuperadmin only and it is disaapearing the tab but now I have tried with above one to test if it is working for a user or not.
                        • 9. Re: how to define ACL rule in ATG BCC
                          Nooruddin Shaik
                          You should use the role id but not the role name in ACL.
                          I guess MyCustomRole is the role name. So replace with the role id value.
                          <acl>Profile$role$epubSuperAdmin:read;Profile$role$MyCustomRole:deny;</acl>

                          Peace
                          Shaik