Access Controllers

Access controllers are registered by the /atg/userprofiling/AccessControlServlet and used to control access to some or all pages within Commerce Service Center based on access rights associated with roles. For detailed information on using and configuring access controllers, refer to the Working with User Profiles section of the Personalization Programming Guide.

Access rights are configured using the allowedAccessRightNames property of the security properties files located in /atg/commerce/custsvc/security directory. If the user’s role and access rights match the page’s access right, the user may access the page. The following security files identify the following access rights:

Access Right Controller

Description

AnyProfileAccessRightController

Allow an agent to access and work with customer profiles:

commerce-custsvc-change-customer-password-
  privilege
commerce-custsvc-create-profiles-privilege
commerce-custsvc-edit-profiles-privilege
commerce-custsvc-view-profiles-privilege

AnyReturnAccessRightController

Allow an agent to create returns and mark items as returned:

commerce-custsvc-create-return-privilege
commerce-custsvc-record-merchandise-
  return-privilege

ChangePasswordAccessRight
  Controller

Allows an agent to change customer passwords:

commerce-custsvc-change-customer-password-
  privilege

CreateOrdersAccessRight
  Controller

Allows an agent to create an order:

commerce-custsvc-create-orders-privilege

CreateProfileAccessRight
  Controller

Allows an agent to create a new customer profile:

commerce-custsvc-create-profiles-privilege

EditOrdersAccessRightController

Allows an agent to edit a customer order:

commerce-custsvc-edit-orders-privilege

EditProfileAccessRight
  Controller

Allows an agent to edit a customer profile:

commerce-custsvc-edit-profile-privilege

IssueStoreCreditAccessRight
  Controller

commerce-custsvc-issue-credit-privilege

Copyright © 1997, 2016 Oracle and/or its affiliates. All rights reserved. Legal Notices