The ATG Control Center allows users to create, edit, and delete price lists. When a user attempts to view or edit a price list, the security system checks the security information associated with the object and grants or denies access based on the information. For example, if a user does not have write access to a particular item, then the ACC will display the item in gray characters. Additionally, certain objects might not be visible to certain users. The ACC is capable of checking this security information for all items contained in the price list repository:

While having the ability to specify security information for each item is a very powerful concept, it can place a burden on both the system as well as the administrator entering security information. To alleviate this burden, policies can be created that group logical items together. By having a logical policy, users would only need to enter data for some of the items and then other items could derive their security information from these few items. This prevents an administrator from having to enter security information for every object in the repository.

Note: You can also plug in a different security policy if your business needs are not met by the policy described in this section.

For more information, see the discussion on security measures for deployment in the ATG Installation and Configuration Guide.

The default security policy returns the ACL information stored on each repository item. The price list security policy “walks” up the tree until an item finds the priceList to which it belongs and then retrieves the security information from the price list item.

In the price list security policy, all security information flows from a priceList down. This means that if there is a group of price and complexPrice that live in a priceList, these objects will have the same security information as the priceList. Therefore, if only users in the admin group can edit a particular price list, then those same users would be the only ones that could edit the price entries in the price list.

In the following example, all objects under Price List A would share the same security information.

Price List A
Price Entry for SKU A
Price Entry for SKU B
Complex Price

Copyright © 1997, 2012 Oracle and/or its affiliates. All rights reserved. Legal Notices