To facilitate database management and ensure security, access to WebSphere Commerce must be restricted to specific individuals and organizations. The process of restricting access is referred to as access control or authentication. Authentication can be defined as security guidelines that:
- Allow or deny a user of a system access to the resources managed by a system.
- Specify what actions the user can perform on each resource.
The authentication model for WebSphere Commerce is based on the enforcement of access control policies, which are enforced by the access control policy manager. In general, when a user attempts to access a protected resource, the access control policy manager first determines which access control policies apply to that user and then, based on those policies, determines whether the user is allowed to perform the requested operation on the given resource.
The Site Administrator manages the access control policies that apply to a site or store.
For more information on authentication, refer to the WebSphere Commerce Security Guide.