In many cases, it may not be appropriate or desirable for all users in your organization to be able to view, create, edit, or delete all types of assets. Like all Business Control Center applications, Merchandising uses Access Control Lists (ACLs) to manage asset security and determine the operations that a given user can perform on an asset.

You set access rights for Merchandising assets by modifying the ACL in the definition file for the secured repository used to store the assets. ACLs are described in detail in the Secured Repositories chapter of the ATG Repository Guide.

In general terms, the mechanism works as follows: in the XML definition file of the secured repository that is used to manage the assets, there is an optional ACL setting for each item descriptor that represents a type of asset. This setting is the default security policy for all assets (repository items) of that type. The <descriptor-acl> tag contains a string specifying the user directory principals that have access to that item type and the level of access each principal has.

This section describes the access rights users must have to view and work with assets in Merchandising and suggests best practices for securing assets. For information about setting access rights, see ATG Business Control Center Security in the ATG Business Control Center Administration and Development Guide.

A number of roles and access rights are available by default to simplify the task of creating Merchandising users. For more information, see Setting Up Roles and User Accounts.

Note: Item descriptor subtypes inherit the security settings defined for their parent item type by default, but you can define different security settings for each subtype. When determining an asset’s access rights, Merchandising checks only the subtype’s ACL, not the parent item type’s ACL. To ensure Merchandising uses the access rights you intended, specifically set access rights for each subtype in your secured repository. For example, a catalog might define a SKU item type with furniture-SKU and clothing-SKU subtypes. You should specify access rights for the SKU item descriptor and the furniture-SKU and clothing-SKU subtypes.

You can specify the following access rights for Merchandising assets and properties:

Access right: Description

Create: Controls whether a user can create new instances of an asset type.

By default, the file used for content targeters, user segments, and content groups is publishingFileSecurity.xml, which is located in <ATG10dir>\Publishing\base\config\atg\epub\file. For information on how to modify a repository definition file, refer to the ATG Repository Guide.

List: Controls whether this item appears as the result of a query, for example in the Browse or Find panel. In the Default Security Policy, List access is implied if the principal has Read access.

Read: Allows a user to view (but not edit or delete) the properties of this item.

Write: Allows a user to edit an item.

Delete: Allows a user to remove this item from the repository. In Merchandising terms, this means that the user can add the asset to a project for the purposes of deleting it from the system. Note: Deleting an item also requires Destroy access to that item.

Destroy: Allows a user to remove this item from the repository and destroy its contents. Note: Most secured repositories also require Delete access to the item’s RepositoryItemDescriptor.
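The following audit script is an added example, not code from Oracle or from the ATG documentation. It reads a secured repository definition and reports item descriptors that have no ACL of their own (the subtype case described in the note above) and principals that hold Delete without Destroy. The file layout (item-descriptor elements with a name attribute, the ACL string held in a value attribute as principal:right,right;...), the principal names and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a shipped ATG file. Assumed layout: each
# <item-descriptor> may hold <descriptor-acl value="principal:right,...;...">.
# Principal names are placeholders.
SAMPLE = """
<secured-repository-template>
  <item-descriptor name="sku">
    <descriptor-acl value="merchManagers:list,read,write,delete,destroy;merchViewers:list,read"/>
  </item-descriptor>
  <item-descriptor name="furniture-sku">
    <descriptor-acl value="merchManagers:list,read,write,delete"/>
  </item-descriptor>
  <item-descriptor name="clothing-sku"/>
</secured-repository-template>
"""

def parse_acl(value):
    """Split 'principal:right,right;...' into {principal: set(rights)}."""
    acl = {}
    for entry in value.split(";"):
        principal, sep, rights = entry.strip().rpartition(":")
        if not sep:  # empty or malformed entry: nothing to record
            continue
        acl.setdefault(principal.strip(), set()).update(
            r.strip().lower() for r in rights.split(",") if r.strip())
    return acl

def audit(xml_text):
    """Return (descriptor, principal, issue) tuples in document order."""
    findings = []
    for desc in ET.fromstring(xml_text).iter("item-descriptor"):
        name = desc.get("name")
        acl_el = desc.find("descriptor-acl")
        if acl_el is None or not acl_el.get("value", "").strip():
            # Only the subtype's own ACL is checked, so a missing one is a gap.
            findings.append((name, None, "no explicit descriptor-acl"))
            continue
        for principal, rights in sorted(parse_acl(acl_el.get("value")).items()):
            # Deleting an item also requires Destroy access.
            if "delete" in rights and "destroy" not in rights:
                findings.append((name, principal, "delete without destroy"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
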


Copyright © 1997, 2013 Oracle and/or its affiliates. All rights reserved.