Loading policy display names and descriptions
To insert or update display names and descriptions for the various policy related elements, run the acpnlsload script. This script loads the following elements: <Action_nls>, <Attribute_nls>, <ActionGroup_nls>, <ResourceCategory_nls>, <ResourceGroup_nls>, <Relation_nls>, <Policy_nls>, <PolicyGroup_nls>
- To load the access groups and access control policies, run the following related utilities in this sequence:
- acugload (loads the user access group definitions)
- acpload (loads the main access control policy)
- acpnlsload (loads the display names and descriptions)
- If you create customized XML files, copy them into the WC_installdir /xml/policies/xml directory to have them loaded into the databases.
- There is a setting in the loading scripts that specifies the following parameter setting while resolving ID's and loading the data to the database: "-maxerror 100000". This means that if there up to 100000 foreign key violations while loading the data, they will be ignored, instead of aborting. This value can be increased or decreased as needed. For example, if you want to stop after one such error, you would change the value to 1.
- I5/OS:
If you create customized XML files, use the full path to the DTD in your file. The access control policies DTDs are located in WC_installdir/xml/policies/dtd.
- When creating a custom policy, do not alter the defaultAccessControlPolicies_locale.xml file. Use this file as a reference to see the structure when you create a custom policy.
- Ensure that you have loaded the user access group definitions.
- Ensure that you have loaded the main access control policy.
- Copy the customized translated policy files to the following directory:
WC_installdir/xml/policies/xml
- Windows: WC_installdir\xml\policies\xml
The customized XML files must conform to the accesscontrolpoliciesnls.dtd file in the following directory:
WC_installdir/xml/policies/dtd
- Windows: WC_installdir\xml\policies\dtd
- To run the utility:
AIX|Linux|Solaris:
You must login as a user which has the following permissions:
- Read/write/execute authority to the directories, subdirectories, and files of WC_installdir/xml/policies and WC_installdir/logs.
- Read/execute authority to the WC_installdir/bin directory and its files.
If the user does not have the required authority, you need to grant this authority using the chmod command.
I5/OS: You must login with a profile which has the following permissions:
- Read/write/execute authority to files under WC_installdir/xml/policies, WC_userdir /instances and WC_userdir /instances/ instance/logs.
- Read/execute authority to the WC_installdir/bin directory and its files.
For example, define the profile with USRCLS *SECOFR.
- From the WC_installdir/bin directory, type the following:
./acpnlsload.sh database_name database_user database_user_ password nls_policies_xml_file schema_name
- Windows: acpnlsload.cmd database_name database_user database_user_ password nls_Policies_xml_file schema_name
- acpnlsload nls_Policies_xml_file
Where:
- database_name
- (Required) Name of the database in which to load the policy.
- database_user
- (Required) Name of the database user who can connect to the database.
- database_user_password
- (Required) The associated password for the database user.
- nls_policies_xml_file
- (Required) The input policy XML file for your national language that specifies what policy data to load into the database.
- schema_name
- (Optional) The name of target database schema. This name is normally the same as database_user.
For example:
./acpnlsload.sh mall dbuser dbusrpwd defaultaccesscontrolpolicies_en_US.xml
- Windows: acpnlsload.cmd mall dbuser dbusrpwd defaultaccesscontrolpolicies_en_US.xml
- Check for errors in the log files. Note that errors might not appear on the command line.
- AIX|Linux|Solaris|Windows:
Check the acpnlsload.log and messages.txt files in the following directory:
- WC_installdir/logs
- I5/OS:
Check the acpnlsload.log and messages.txt files in the following directories:
- WC_userdir /instances/acpnlsload.log
- WC_userdir /instances/ instance/logs/messages.txt
- Any error files generated in WC_installdir/xml/policies/xml directory.
Related Concepts
Authorization
Understanding access control
Related tasks
Loading access control policy data
Related Reference
acpnlsload utility
Default access control policies