There are two types of access control, both of which are policy-based: command-level access control and resource-level access control.

Command-level access control determines whether the user is allowed to execute the particular command within the store you have specified. 

Resource-level access control policy could be applied to determine if the user can access the resource in question. 

Access control in a WebSphere Commerce application is composed of the FOLLOWING elements: users, ACTIONS, resources, and relationships.

Users are the people that use the system. For access control purposes, users must be grouped into relevant access groups. 

Actions are the activities that users can perform on the resource. For access control purposes, actions must also be grouped into relevant action groups. For EXAMPLE, a common action used in a store is a view. A view is invoked to display a store page to customers. The views used in your store must be declared as actions and ASSIGNED to an action GROUP before they can be accessed. 

Resources are the entities that are protected. For example, if the action is a view, the resource to be protected is the command that invoked the view, for example com.ibm.commerce.command.ViewCommand. 

Relationships are the relationship between the user and the resource. Access control policies may require that a relationship between the user and the resource be satisfied. For example, users may only be allowed to display the orders that they have created.

There are two types of access control, both of which are policy-based: command-level access control and resource-level access control.

Command-level access control determines whether the user is allowed to execute the particular command within the store you have specified. 

Resource-level access control policy could be applied to determine if the user can access the resource in question. 

Access control in a WebSphere Commerce application is composed of the following elements: users, actions, resources, and relationships.

Users are the people that use the system. For access control purposes, users must be grouped into relevant access groups. 

Actions are the activities that users can perform on the resource. For access control purposes, actions must also be grouped into relevant action groups. For example, a common action used in a store is a view. A view is invoked to display a store page to customers. The views used in your store must be declared as actions and assigned to an action group before they can be accessed. 

Resources are the entities that are protected. For example, if the action is a view, the resource to be protected is the command that invoked the view, for example com.ibm.commerce.command.ViewCommand. 

Relationships are the relationship between the user and the resource. Access control policies may require that a relationship between the user and the resource be satisfied. For example, users may only be allowed to display the orders that they have created.