Removing policy set attachments

Use the Jython or Jacl scripting language to remove and transfer policy sets from application artifacts. We can also remove resources that apply to a policy set attachment without deleting the policy set attachment.

When administrative security is enabled, verify that we use the correct administrative role, as the following table describes:

Administrative role	Authorization
Administrator	The Administrator role must have cell-wide access to remove policy set attachments. If we have access to a specific resource only, we can remove policy set attachments for the resource for which we have access.
Configurator	The Configurator role must have cell-wide access to remove policy set attachments. If we have access to a specific resource only, we can remove policy set attachments for the resource for which we have access.
Deployer	The Deployer role with cell-wide or resource specific access can remove policy set attachments for application resources only.
Operator	The Operator role cannot remove policy set attachments.
Monitor	The Monitor role cannot remove policy set attachments.

Determine which applications and policy sets to remove, detach, or transfer. Use the listWebServices command to list all Web services and for the application to edit. Enter the command to list all web services and attributes for a specific application.

AdminTask.listWebServices('[-application application_name]')

To view a list of all web services and associated applications, do not provide the -application parameter. For each web service, the command returns the associated application name, module name, service name, and service type. We can also use the listAttachmentsForPolicySet and getPolicySetAttachments administrative commands to view existing configuration data. For additional information about these commands, use the information center topic for the PolicySetManagement group of commands for the AdminTask object.

There are four ways to remove policy set attachments, including:

• Remove a policy set attachment from an application.

• Remove resources that apply to a policy set attachment.

• Remove all attachments for a specific policy set and application.
• Transfer attachments between policy sets for a specific application.

Choose the appropriate procedure to remove your policy set attachments.

Tasks

• Remove a policy set attachment from the application.

  1. Enter the following command to remove the policy set attachment from the application:

     AdminTask.deletePolicySetAttachment('[-attachmentId attachment_name -applicationName 
     application_name]')
     

     The command returns a success or failure message. If we receive a success message, the policy set attachment is successfully removed from the application. If we receive a failure message, verify that the chosen policy set attachment exists in the configuration.

  2. Save the configuration changes.

     Enter the following command to save the changes:

     AdminConfig.save()
     

• Remove resources that apply to a policy set attachment.

  1. We can customize the command to remove resources for the web service, endpoint, or operation.

     For the commands in the PolicySetManagement group, the term resource refers to a web service artifact. For application and service client.policy sets, the artifacts use the application hierarchy: Web service, module name, endpoint, or operation. Enter the value for the -resource parameter as a string, with a backslash ( / ) character as a delimiter. Use the following format for application and client policy set attachments:

     WebService:/

     Refers to all artifacts in the application to the policy set.

     WebService:/webapp1.war:{http://www.ibm.com}myService

     Refers to all artifacts within the web service {http://www.ibm.com}myService to the policy set. Provide a fully qualified name (QName) for the service.

     WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA

     Refers to all operations for the endpointA endpoint to the policy set.

     WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA/operation1

     Refers to only the operation1 operation to the policy set.

     The format for the resource string differs for system policy set attachments for the trust service. Use the following format for system policy set attachments:

     Trust.<opName>:/

     The <opName> attribute can be issue, renew, cancel, or validate.

     Trust.<opName>:/url

     The <opName> attribute can be issue, renew, cancel, or validate. We can specify any valid URL for the url attribute.

     In the following example, the command removes the attachment_name attachment from the operation1 operation, which is associated with the application, application1.

     AdminTask.removeFromPolicySetAttachment('[-attachmentId attachment_name -resources 
     "WebService:/webapp1.war:{http://www.ibm.com}myService/endpointA/operation1" -applicationName 
     application1]')
     

     The command returns a success or failure message. We can also use the updatePolicySetAttachments command to remove attached resources.

  2. Save the configuration changes.

     Enter the following command to save the changes:

     AdminConfig.save()
     

• Remove all attachments for a specific policy set.

  1. Remove application attachments for the policy set. To remove an attachment from an application.

     AdminTask.deleteAttachmentsForPolicySet('[-policySet PolicySet1 -applicationName
      application1]')
     

     To remove all attachments from the policy set.

     AdminTask.deleteAttachmentsForPolicySet('[-policySet PolicySet1]')
     

     Both commands return a success or failure message.

  2. Save the configuration changes.

     Enter the following command to save the changes:

     AdminConfig.save()
     

• Transfer attachments from one policy set to another policy set. This command detaches all web services from the source policy set and attaches the web services to the destination policy set.

  1. Enter the transferAttachmentsForPolicySet command to transfer all attachments within an application. To transfer the attachments from the PolicySet1 policy set to the PolicySet2 policy set within the application1 application:

     AdminTask.transferAttachmentsForPolicySet('[-sourcePolicySet PolicySet1 
     -destinationPolicySet PolicySet2 -applicationName application1]')
     

     The command returns a success or failure message.

  2. Save the configuration changes.

     Enter this command to save the changes:

     AdminConfig.save()
     

Configure attachments for the trust service

Configure application and system policy sets for web services

Create policy sets

Add and remove policies

Create policy set attachments

Manage policy set attachments

Removing policy set attachments

Manage policy sets

PolicySetManagement