The Order Owner Security Policy extends the Standard Security Policy, which has all the base functionality for interpreting the Access Control Lists (ACL). ACLs grant or deny access to secure objects. The atg.security.StandardSecurityPolicy class is provided as part of the ATG platform. For more information on the Standard Security Policy, see the Managing Access Control chapter of the ATG Programming Guide.
The Order Owner Security Policy appends the ACL returned by Standard Security Policy with additional ACLs that either grant or deny access to specific personas. Personas can be users, roles or organizations. The Order Owner Security Policy appends the ACL with the persona of the order owner. The order object is an incoming method parameter.
