+

Search Tips   |   Advanced Search

PolicySetManagement

Use the Jython or Jacl scripting languages to manage policy set configurations with the wsadmin tool. Use the commands in the PolicySetManagement group to create, delete, and manage policy set, policy, and policy set attachment configurations.

Before using the commands in this topic, verify that we are using the most recent version of the wsadmin tool. The policy set management commands that accept a properties object as the value for the attributes or bindingLocation parameters are not supported on previous versions of the wsadmin tool. For example, the commands do not run on a v6.1.0.x node.

Manage policy set configurations:

Manage policy settings:

Manage policy set attachments:

Manage policy set bindings:


listPolicySets

Return a list of all existing policy sets. If administrative security is enabled, each user role can use this command.

Target object: None.

Optional parameters:

-policySetType

Type of policy set. Specify application to display application policy sets. Specify system to display system policy sets for trust service or WS-MetadataExchange attachments. Specify system/trust to display the policy sets for the trust service. Specify default to display the default policy sets. The default value for this parameter is application. (String, optional)

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Return value.

The command returns a list of all existing policy sets. Each entry in the list is the name of a policy set.

Batch mode example usage

Interactive mode example usage


getPolicySet

Return general attributes, such as description and default indicator, for the specified policy set. If administrative security is enabled, each user role can use this command.

Target object: None.

Required parameters:

-policySet

Policy set name. For a list of all policy set names, use the listPolicySets command. (String, required)

Optional parameters:

-isDefaultPolicySet

Specifies whether to display a default policy set. The default is false. (Boolean, optional)

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Return value.

The command returns a list of attributes for the specified policy set name.

Batch mode example usage

Interactive mode example usage


createPolicySet

Create a new policy set. Policies are not created with the policy set. The default indicator is set to false.

If administrative security is enabled, use the Administrator role to create policy sets.

Target object: None.

Required parameters:

-policySet

Name of the policy set. (String, required)

Optional parameters:

-description

Adds a description for the policy set. (String, required)

-policySetType

Type of policy set. When the value is application, the command creates application policy sets. When the value is system, the command creates a policy set we can use for trust service or WS-MetadataExchange attachments. When the value is system/trust, the command creates a policy set for the trust service. The default value for this parameter is application. (String, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


copyPolicySet

Create a copy of an existing policy set. By default, the policy set attachments are transferred to the new policy set.

If administrative security is enabled, use the Administrator role to copy policy sets.

Target object: None.

Required parameters:

-sourcePolicySet

Name of the existing policy set to copy. (String, required)

-newPolicySet

Name of the new policy set we are creating. (String, required)

-newDescription

Description for the new policy set. (String, required)

Optional parameters:

-transferAttachments

If this parameter is set to true, all attachments transfer from the source policy set to the new policy set. The default is false. (Boolean, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


deletePolicySet

Delete the specified policy set. If attachments exist for the policy set, the command returns a failure message.

If administrative security is enabled, use the Administrator role to delete policy sets.

Target object: None.

Required parameters:

-policySet

Name of the policy set to delete. (String, required)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


updatePolicySet

Enable us to input an attribute list to update the policy set. Use this command to update all attributes for the policy set, or a subset of attributes.

If administrative security is enabled, use the Administrator role to update policy set configurations.

Target object: None.

Required parameters:

-policySet

Name of the policy set to update. (String, required)

-attributes

Properties object containing the attributes to update for the specified policy set. (Properties, required)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


addPolicyType

Add a policy with default values for the specified policy set. We must indicate whether to enable or disable the added policy.

If administrative security is enabled, use the Administrator role to add policies.

Target object: None.

Required parameters:

-policySet

Name of the policy set to update. (String, required)

-policyType

Name of the policy to add to the policy set. (String, required)

-enabled

If this parameter is set to true, new policy is enabled in the policy set. If this parameter is set to false, the configuration is contained within the policy set but the configuration does not have an effect on the system. (Boolean, required)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


deletePolicyType

Delete a policy from a policy set.

If administrative security is enabled, use the Administrator role to remove policies from the configuration.

Target object: None.

Required parameters:

-policySet

Name of the policy set to update. (String, required)

-policyType

Name of the policy to remove from the policy set. (String, required)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


validatePolicySet

Validate the policy set configuration.

If administrative security is enabled, use the Administrator role to validate policy sets.

Target object: None.

Required parameters:

-policySet

Policy set to update. (String, required)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


exportPolicySet

Export a policy set as an archive that can be copied onto a client environment.

If administrative security is enabled, use the Administrator role to export policy sets.

Target object: None.

Required parameters:

-policySet

Policy set to export. (String, required)

-pathName

Path name of the archive file to create. (String, required)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


importPolicySet

Import a policy set from a compressed archive file or from a selection of default policy sets onto the server environment.

If administrative security is enabled, use the Administrator role to import policy sets.

Target object: None.

Optional parameters:

-importFile

Path name of the archive file to import. (String, optional)

-defaultPolicySet

Name of the default policy set to import. (String, optional)

-policySet

Name to assign to the new policy set. If not specified, the system uses the original name of the policy set. (String, optional)

-verifyPolicySetType

That the policy set type to import matches a specific type. Specify system or system/trust to verify that the policy set to import is a type of system policy set, including trust service policy sets. Specify application to verify that the policy set is an application policy set. (String, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


listPolicyTypes

Return a list of the names of the policies configured on the system. The input parameters allow us to list each policy type configured in the system, the policy types configured in a policy set, or the policy types in a binding.

If administrative security is enabled, each administrative role can list policy types.

Target object: None.

Optional parameters:

-policySet

Name of the policy set to query for policies. If the policy set is not specified, the command lists all policies defined in the configuration. (String, optional)

-bindingLocation

Location of the binding. This value is cell-wide default binding, server-specific default binding, or attachment-specific binding. Specify the bindingLocation parameter as a properties object following these guidelines:

  • For cell-wide default binding, use a null or empty properties.

  • For server-specific default binding, specify the node and server names in the properties. The property names are node and server. Server-specific default bindings are deprecated.

  • For attachment-specific binding, specify the application name and attachment ID in the properties. The property names are application and attachmentId.

  • For system/trust bindings, set the systemType property as trustService.

  • For trust client bindings, specify the systemType property as trustClient. In addition, specify the attachment ID. If the bindings are for a specific application, also specify the application property.

  • For WSNClient binding, specify the bus name, service name, and attachment ID in the properties. The property names are bus, WSNService, and attachmentId.

(Properties, optional)

-attachmentType

Specifies whether the attachment type is an application binding, client binding, trust service binding, trust client binding, or WS-Notification client binding. (String, optional)

For transitioning users: Even though we can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-bindingName

Specifies a specific general binding. If specified, the system displays policy types in the specific binding. (String, optional)

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Return value.

The command returns a list of policy types.

Batch mode example usage

Interactive mode example usage


getPolicyType

Return the attributes for a specified policy.

If administrative security is enabled, each administrative role can query attributes for policies.

Target object: None.

Required parameters:

-policySet

Name of the policy set to query. (String, required)

-policyType

Name of the policy of interest. (String, required)

Optional parameters:

-attributes

Specific attributes to display. If this parameter is not used, the command returns all attributes for the specified policy. (String[], optional)

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Return value.

The command returns a properties object containing the policy attributes.

Batch mode example usage

Interactive mode example usage


setPolicyType

Update the attributes of a specified policy.

The administrative console command assistance provides incorrect Jython syntax for the setPolicyType command. The XPath expression for the response message part protection of the Username WSSecurity policy set contains single quotes (') within each XPath property value, which Jython does not support. To fix the command from the administrative console command assistance, add a backslash character (\) before each single quote to escape the single quote.

Also, if we are using a Jython script to update the attributes, the brackets should not be included to get a list of elements and not a list of strings.

If administrative security is enabled, use the Administrator role to configure policies.

Target object: None.

Required parameters:

-policySet

Name of the policy set of interest. (String, required)

-policyType

Name of the policy of interest. (String, required)

-attributes

Specific attributes to be updated. The properties could include all of the policy attributes or a subset of attributes. (Properties, required)

Optional parameters:

-replace

Indicates whether the new attributes provided from the command replace the existing policy attributes. For policies with complex data, we can remove optional parts of the configuration when necessary. Use this parameter to get all attributes, perform edits, and replace the binding configuration with the edited data. The default is false. (Boolean, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


getPolicyTypeAttribute

Return the value for the specified policy attribute.

If administrative security is enabled, each administrative role can query policy type attribute values.

Target object: None.

Required parameters:

-policySet

Name of the policy set of interest. (String, required)

-policyType

Name of the policy of interest. (String, required)

-attributeName

Name of the attribute of interest. (String, required)

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Optional parameters:

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Return value.

The command returns a string containing the value of the specified attribute.

Batch mode example usage

Interactive mode example usage


setPolicyTypeAttribute

Set the value for the specified policy attribute.

If administrative security is enabled, use the Administrator role to configure policy attributes.

Target object: None.

Required parameters:

-policySet

Name of the policy set of interest. (String, required)

-policyType

Name of the policy of interest. (String, required)

-attributeName

Name of the attribute of interest. (String, required)

-attributeValue

Value of the attribute of interest. (String, required)

Return value.

If the attribute is successfully added to the policy, the command returns the true string value.

Batch mode example usage

Interactive mode example usage


getPolicySetAttachments

List the properties for all policy set attachments configured in a specified application.

If administrative security is enabled, each administrative role can query for policy set attachments.

Target object: None.

Optional parameters:

-applicationName

Name of the application to query for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required to query for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though we can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-expandResources

Provides expanded information that details the attachment properties for each resource. If we set this parameter to the name of the service, only the resources for that web service are returned. If we specify an asterisk ( * ) character, expanded information for all your Web services is returned. This parameter is valid if the value for the -attachmentType parameter is set to provider or client. (String, optional)

-attachmentProperties

Specifies information required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)

-serviceRef

Name of the service reference for which the attachments are returned. If specified, only attachments for the service reference are returned. Only valid when the expandResources parameter value is the name of our service and when the attachmentType parameter is set to client. (String, optional)

Return value.

The command returns a list of properties for each attachment in the application, including the policy set name, attachment ID, and resource list. If we specify the expandResources parameter, the command returns the resource, attachmentId, policySet, binding, and directAttachment properties. If a resource is not attached to a policy set, then the system only displays the resource property. The binding property only exists if the attachment contains a custom binding.

Batch mode example usage

The following examples return policy set attachments information for the specified service reference, myServiceRef. The examples return detailed resource information for the logical endpoints or operations for each service reference because the -expandResource parameter is specified.

Interactive mode example usage


createPolicySetAttachment

Create a new policy set attachment for an application.

When administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to create policy set attachments. If we have access to a specific resource only, we can create policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to create policy set attachments. If we have access to a specific resource only, we can create policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can create policy set attachments for application resources only.
Operator The Operator role cannot create policy set attachments.
Monitor The Monitor role cannot create policy set attachments.

Target object: None.

Required parameters:

-resources

Name of the application resources to attach to the policy set. (String[], required)

Optional parameters:

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though we can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-dynamicClient

Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

-attachmentProperties

Specifies information required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)

-inheritFromService

Specifies whether the resources for the service reference inherit the policy set attachments of the associated service. Use this parameter for service reference attachments only. The default value for this parameter is true. (Boolean, optional)

-policySet

Name of the policy set to attach. Required unless the resource specifies a service reference and the inheritFromService parameter is specified. If the policySet parameter is not specified and the inheritFromService parameter isfalse, all attachments for the service reference are removed, and the service reference does not have a policy set attachment. If the policySet parameter is not specified and the inheritFromService parameter is true, all attachments for the service reference are removed, and the service reference inherits the policy of the service. (String, optional)

Return value.

The command returns a string with the ID of the new attachment.

Batch mode example usage

Interactive mode example usage

Mixed-version environment: In a mixed cell environment, we must not create service reference attachments or resource attachments specified in name-value pair format for applications deployed on an application server that is prior to WebSphere Application Server v8.0. Service reference attachments are only supported on WAS v8.0 and later.

In a mixed cell environment, we must not create attachments to policy sets containing CustomProperties policy for applications deployed on an application server that is prior to WAS v8.0. The CustomProperties policy is only supported on WAS v8.0 and later.

mixv


updatePolicySetAttachment

Update the resources that apply to a policy set attachment.

When administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to configure policy set attachments. If we have access to a specific resource only, we can configure policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to configure policy set attachments. If we have access to a specific resource only, we can configure policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can configure policy set attachments for application resources only.
Operator The Operator role cannot configure policy set attachments.
Monitor The Monitor role cannot configure policy set attachments.

Target object: None.

Required parameters:

-attachmentId

Name of the attachment to update. (String, required)

-resources

Names of the application resources to attach to the policy set. A resource for a service reference cannot be included in the same attachment as a resource for a service. (String, required)

Optional parameters:

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though we can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-dynamicClient

Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

-attachmentProperties

Specifies information required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

Mixed-version environment: In a mixed cell environment, we must not create service reference attachments or resource attachments specified in name-value pair format for applications deployed on an application server that is prior to v8.0. Service reference attachments are only supported on v8.0 and later.

In a mixed cell environment, we must not create attachments to policy sets containing CustomProperties policy for applications deployed on an application server that is prior to WAS v8.0. The CustomProperties policy is only supported on WAS v8.0 and later.

mixv


addToPolicySetAttachment

Add additional resources that apply to a policy set attachment.

When administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to add resources to policy set attachments. If we have access to a specific resource only, we can add resources to policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to add resources to policy set attachments. If we have access to a specific resource only, we can add resources to policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can add resources to policy set attachments for application resources only.
Operator The Operator role cannot add resources to policy set attachments.
Monitor The Monitor role cannot add resources to policy set attachments.

Target object: None.

Required parameters:

-attachmentId

Name of the attachment to update. (String, required)

-resources

Names of the application resources to attach to the policy set. A resource for a service reference cannot be included in the same attachment as a resource for a service. (String, required)

Optional parameters:

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though we can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-dynamicClient

Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

-attachmentProperties

Specifies information required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

Mixed-version environment: In a mixed cell environment, we must not create service reference attachments or resource attachments specified in name-value pair format for applications deployed on an application server that is prior to v8.0. Service reference attachments are only supported on v8.0 and later.

In a mixed cell environment, we must not create attachments to policy sets containing CustomProperties policy for applications deployed on an application server that is prior to WAS v8. The CustomProperties policy is only supported on WAS v8.0 and later.

mixv


removeFromPolicySetAttachment

Remove resources that apply to a policy set attachment.

When administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to remove resources from policy set attachments. If we have access to a specific resource only, we can remove resources for which we have access.
Configurator The Configurator role must have cell-wide access to remove resources from policy set attachments. If we have access to a specific resource only, we can remove the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can remove resources from policy set attachments for application resources only.
Operator The Operator role cannot remove resources from policy set attachments.
Monitor The Monitor role cannot remove resources from policy set attachments.

Target object: None.

Required parameters:

-attachmentId

Name of the attachment to remove. (String, required)

-resources

Names of the application resources to attach to the policy set. (String, required)

Optional parameters:

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though we can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attachmentProperties

Specifies information required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


deletePolicySetAttachment

Remove a policy set attachment from an application.

When administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, we can delete policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, we can delete policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can delete policy set attachments for application resources only.
Operator The Operator role cannot delete policy set attachments.
Monitor The Monitor role cannot delete policy set attachments.

Target object: None.

Required parameters:

-attachmentId

Name of the attachment to delete. (String, required)

Optional parameters:

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. This parameter is not required for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: Even though we can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attachmentProperties

Specifies information required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. If a trust client attachment is specified, the -attachmentProperties parameter contains a systemType property with a value of trustClient. (Properties, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


listAssetsAttachedToPolicySet

List the applications or WS-Notification service clients to which a specific policy set is attached.

If administrative security is enabled, each administrative role can list applications that are attached to policy sets.

Target object: None.

Required parameters:

-policySet

Name of the policy set of interest. (String, required)

Optional parameters:

-attachmentType

Type of policy set attachments. The value for this parameter must be provider, client, WSNClient, WSMex, cuProvider, cuClient, binding or all. The default is all. (String, optional)

Return value.

The command returns a list of properties that describe each asset. Each properties object contains the assetType property, which specifies the type of asset.

Batch mode example usage

Interactive mode example usage


listAttachmentsForPolicySet

List the applications to which a specific policy set is attached.

If administrative security is enabled, each administrative role can query for policy set attachments.

Target object: None.

Required parameters:

-policySet

Name of the policy set of interest. (String, required)

Optional parameters:

-attachmentType

Type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default is application. (String, optional)

Return value.

The command returns a list of application names.

Batch mode example usage

Interactive mode example usage


deleteAttachmentsForPolicySet

Remove all attachments for a specific policy set.

When administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, we can delete policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, we can delete policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can delete policy set attachments for application resources only.
Operator The Operator role cannot delete policy set attachments.
Monitor The Monitor role cannot delete policy set attachments.

Target object: None.

Required parameters:

-policySet

Name of the policy set from which to remove the attachments. (String, required)

Optional parameters:

-applicationName

Name of the application of interest. The command only deletes attachments for the application of interest if we specify this parameter. (String, optional)

-attachmentProperties

Specifies information required to identify the location of the attachment. We can specify values for the bus and WSNService properties. (Properties, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


transferAttachmentsForPolicySet

Transfer all attachments from one policy set to another policy set.

When administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to transfer policy set attachments. If we have access to a specific resource only, we can transfer policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to transfer policy set attachments. If we have access to a specific resource only, we can transfer policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can transfer policy set attachments for application resources only.
Operator The Operator role cannot transfer policy set attachments.
Monitor The Monitor role cannot transfer policy set attachments.

Target object: None.

Required parameters:

-sourcePolicySet

Source policy set from which to copy attachments. (String, required)

-destinationPolicySet

Name of the policy set to which the attachments are copied. (String, required)

Optional parameters:

-applicationName

Name of the application of interest. The command only transfers attachments for the application of interest if we specify this parameter. (String, optional)

-attachmentProperties

Specifies information required to identify the location of the attachment. We can specify values for the bus and WSNService properties. (Properties, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


listSupportedPolicySets

Return a list of supported policy sets to attach to the web services resources. If administrative security is enabled, each user role can use this command.

Target object: None.

Required parameters:

-assetProps

Name of the asset of interest. Specify the name of the application as the value for the application property. (Properties, required)

Supported property and value pairs for the parameter are:

Property Value
application Application name, such as myApplication
WS-Notification service client:

  • bus
  • WSNService

Service client names:

  • Bus name, such as: bus1
  • Service name, such as service1

Trust service resource:

  • systemType

Service resoure name:

  • trustService

Return value.

The command returns a list of supported policy sets. Each entry in the list is the name of a policy set.

Batch mode example usage

Interactive mode example usage


getBinding

Return the binding configuration for a specified policy and scope. Use the getBinding command to return a list of available custom bindings, which includes bindings that are and are not referenced by attachments.

If administrative security is enabled, each administrative role can query for binding configuration information.

For transitioning users: In WAS v7.0 and later, the security model was enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of the product. In the WAS v6.1 Feature Pack for Web Services, we can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In v7.0 and later, we can configure one or more general service provider bindings and one or more general service client bindings. After we have configured general bindings, we can specify which of these bindings is the global default binding. We can also optionally specify general binding used as the default for an application server or a security domain. trns

To support a mixed-cell environment, WAS supports v7.0 and v6.1 bindings. General cell-level bindings are specific to v7.0 and later Application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the application server determines the required binding version to use for application.

Target object: None.

Required parameters:

-policyType

Policy of interest. (String, required)

-bindingLocation

Location of the binding. (Properties, required)

Specify the bindingLocation parameter as a properties object following these guidelines:

  • For WAS v7.0 and later server default bindings, specify a null or empty properties. Use the bindingName parameter to identify the binding location.

  • For attachment-specific bindings, specify the application name and attachment ID in the properties. The property names are application and attachmentId.

  • For WSNClient bindings, specify the bus name, service name, and attachment ID in the properties. The property names are bus, WSNService, and attachmentId. If we specify an asterisk character (*) as the attachment ID, then the command returns the list of binding names that corresponds to the attachment type of interest.

  • For system/trust bindings, specify the systemType property as trustService.

Optional parameters:

-attachmentType

Type of policy set attachment. Use this parameter to distinguish between types of attachment custom bindings. (String, optional)

For transitioning users: Even though we can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attributes

Names of the attributes to return. If not specified, the command returns all attributes. (String, optional)

-bindingName

Binding name of interest. Specify this parameter to display a general cell-level binding or a custom attachment binding. (String, optional)

Return value.

The command returns a properties object containing the requested configuration attributes for the policy binding.

Batch mode example usage

Interactive mode example usage


setBinding

Update the binding configuration for a specified policy. Use this command to add a server-specific binding, update an attachment to use a custom binding, edit binding attributes, or to remove a binding configuration.

When administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to configure bindings. If we have access to a specific resource only, we can configure custom bindings for the resource for which we have access. The Administrator role is the only role that can modify binding configurations.
Configurator The Configurator role must have cell-wide access to assign and unassign bindings. If we have access to a specific resource only, we can assign and unassign bindings for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can assign or unassign bindings for application resources only.
Operator The Operator role cannot configure bindings.
Monitor The Monitor role cannot configure bindings.

For transitioning users: In WAS v7.0 and later, the security model was enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of the product. In the WAS v6.1 Feature Pack for Web Services, we can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In v7.0 and later, we can configure one or more general service provider bindings and one or more general service client bindings. After we have configured general bindings, we can specify which of these bindings is the global default binding. We can also optionally specify general binding used as the default for an application server or a security domain. trns

To support a mixed-cell environment, WAS supports v7.0 and v6.1 bindings. General cell-level bindings are specific to v7.0 and later Application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the application server determines the required binding version to use for application.

Target object: None.

Required parameters:

-bindingLocation

Location of the binding. (Properties, required)

Specify the bindingLocation parameter as a properties object following these guidelines:

  • For WAS v7.0 and later server default bindings, specify a null or empty properties. Use the bindingName parameter to identify the binding location.

  • For attachment-specific, specify the application name and attachment ID in the properties. The property names are application and attachmentId.

  • For WSNClient bindings, specify the bus name, service name, and attachment ID in the properties. The property names are bus, WSNService, and attachmentId. If we specify an asterisk character (*) as the attachment ID, then the command returns the list of binding names that corresponds to the attachment type of interest.

  • For system/trust bindings, set the systemType property as trustService.

-policyType

Policy of interest. (String, required)

Optional parameters:

-attachmentType

Type of policy set attachment. Use this parameter to distinguish between types of attachment custom bindings. (String, optional)

For transitioning users: Even though we can specify the application value for the -attachmentType parameter, use the provider value in place of the application value because the attachments are used for more than just applications, such as system attachments for trust service. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attributes

Attribute values to update. This parameter can include all binding attributes for the policy or a subset to update. If the attributes parameter is not specified, the command only updates the binding location used by the specified attachment. (Properties, optional)

-bindingName

Name for the binding. Specify this parameter to assign a new name to an attachment binding or cell-level binding. A name is generated if it is not specified. (String, optional)

-domainName

Domain name for the binding. Required when using the command to create and scope a binding to a specific domain other than the administrative security domain. The default is global. (String, optional)

-replace

Replace all of the existing binding attributes with the attributes specified in the command. Use this parameter to remove optional parts of the configuration for policies with complex data. The default is false. (Boolean, optional)

-remove

Remove a server-specific default binding or to remove a custom binding from an attachment. We cannot remove cell-level default binding. The default is false. (Boolean, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


getDefaultBindings

Display the provider and client default bindings if the bindings are set. If the command does not return output, then the system default binding is the current default.

If administrative security is enabled, each administrative role can query for default bindings.

Target object: None.

Optional parameters:

-bindingLocation

Location of the binding. Specify the bindingLocation parameter as a properties object with values for the node and server properties. (Properties, optional)

-domainName

Domain name for the binding of interest. Required if the domain of interest is not in the global security domain and we did not specify the bindingLocation parameter. The bindingLocation and domainName parameters are mutually exclusive. The default is global. (String, optional)

Return value.

The command returns a properties object containing the names of the provider and client default bindings, if the bindings are set.

Batch mode example usage

Interactive mode example usage


getRequiredBindingVersion

Display the version number of the binding for a specific application.

Target object: None.

Optional parameters:

-assetProps

Name of the application of interest. (Properties, optional)

Return value.

The command returns the binding version number as a number, such as 7.0.0.0 or 6.1.0.0.

Batch mode example usage

Interactive mode example usage


setDefaultBindings

Set a binding as the default binding.

If administrative security is enabled, use the Administrator role with cell-wide access to configure bindings. If we use the Administrator role and do not have cell-wide access, we can only configure bindings on resources for which we have access.

Target object: None.

Required parameters:

-defaultBindings

Names of the default bindings for the provider, client, or both. (Properties, required)

Optional parameters:

-bindingLocation

Location of the binding. Specify the bindingLocation parameter as a properties object with values for the node and server properties. (Properties, optional)

-domainName

Domain name for the binding of interest. Required if the domain of interest is not in the global security domain and we did not specify the bindingLocation parameter. The bindingLocation and domainName parameters are mutually exclusive. The default is global. (String, optional)

Return value.

The command returns a value of true if the command successfully sets the default binding.

Batch mode example usage

Interactive mode example usage


exportBinding

Export a general, cell-level binding to an archive file. We can copy this file to a client environment or import the archive to a server environment.

If administrative security is enabled, use the Administrator role with cell-wide access to export bindings.

Target object: None.

Required parameters:

-bindingName

Name of the binding to assign as the default binding. If not specified, the system specifies the system default as the default binding. (String, required)

-pathName

File path for the archive file to create. (String, required)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


importBinding

Import a general, cell-level binding from a compressed archive file to a server environment.

If administrative security is enabled, use the Administrator role with cell-wide access to import bindings.

Target object: None.

Required parameters:

-pathName

File path for the archive file to import. (String, required)

Optional parameters:

-bindingName

Name of the binding to assign as the imported binding. If not specified, the system specifies the binding name in the archive file. (String, optional)

-domainName

Nameew name of the domain of the binding to import. If not specified, the command uses the domain specified in the archive file. (String, optional)

-verifyBindingType

Verifies that the type of binding to import matches a specific binding type. Specify provider to verify that the binding to import is a provider binding, or specify client to verify that it is a client binding. (String, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


copyBinding

Create a new general, cell-level binding from an existing binding.

If administrative security is enabled, use the Administrator role with cell-wide access to copy bindings.

Target object: None.

Required parameters:

-sourceBinding

Name of the existing binding the system uses to create the new binding. (String, required)

-newBinding

Name of the binding to create. (String, required)

Optional parameters:

-newDescription

Description text for the new binding. (String, optional)

-domainName

Domain name for the binding. Only required if you scope the binding to a domain other than the domain of the source binding. (String, optional)

Return value.

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


upgradeBindings

Upgrade application bindings for a specific asset to the latest version.

If administrative security is enabled, use the Administrator role with cell-wide access to import bindings.

Target object: None.

Required parameters:

-assetProps

Name of the asset of interest. Specify the name of the application as the value for the application property. (Properties, required)

Optional parameters: None

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage


Related:

  • Web services policy sets
  • Configure application and system policy sets for web services
  • Create policy sets
  • Add and remove policies
  • Deleting policy sets
  • Create policy set attachments
  • Manage policy set attachments
  • Manage policy set attachments for service references
  • Removing policy set attachments
  • Policy configuration properties for all policies