Secure > Authorization > Customize default access control policies

Extract policy and access group definitions

The extraction process reads the access control policy and access group information in the database and generates files that capture the information in XML format. The extraction utility uses an input filter XML file to specify which data to extract from the database. You can extract all access group and policy data, all access group data, or all access group and policy data owned by a particular organization.

You should maintain consistency between the XML files and the access control information in the database for several reasons:

• When you create an instance of WebSphere Commerce, the policy and access group definitions are loaded from the XML files.

• The XML files offer a convenient way to directly view and edit the policies and their component parts so keeping the files up-to-date is essential.

When you have finalized and tested the policy changes, you should update the XML files to keep them in sync with policy information in the databases. For a description of the different XML files related to access control policies and access groups, see Define access control policy elements using XML. Explanations on how to extract policy changes from the databases into the XML files and how to load the policy information from the XML files into the databases are also included.

To extract data, use the appropriate filter file:

Procedure

1. If you are extracting access group and policy data for a particular organization, edit the OrganizationPoliciesFilter.xml filter file to specify the organization ID. The OrganizationPoliciesFilter.xml is located...

   • WC_INSTALL/xml/policies/xml

   • WC_INSTALL\xml\policies\xml

   Search for all instances of "member_id" and modify the associated value to the organizational ID for which to extract the policies.

2. To run the utility:

   You must login as a user which has the following permissions:

   • Read/write/execute authority to the directories, subdirectories, and files of WC_INSTALL/xml/policies and WC_INSTALL/logs.

   • Read/execute authority to the WC_INSTALL/bin directory and its files.

     If the user does not have the required authority, grant this authority using the chmod command.

   You must login with a profile which has the following permissions:

   • Read/write/execute authority to files under WC_INSTALL/xml/policies, WC_USER /instances and WC_USER/instances/ instance/logs.

   • Read/execute authority to the WC_INSTALL/bin directory and its files.

     For example, define the profile with USRCLS *SECOFR.

3. From the WC_INSTALL/bin directory, type the following:

   • acpextract.cmd database_name database_user database_user_password filter_file schema_name

   • acpextract.sh database_name database_user database_user_password filter_file schema_name

   • acpextract filter_file

   Where:

   database_name

   Required: Name of the database in which to load the policy.

   database_user

   Required: Name of the database user who can connect to the database.

   database_user_password

   Required: The associated password for the database user.

   filter_file

   Required:

   ACPoliciesfilter.xml

   Extracts all access group and policy data.

   ACUserGroupsFilter.xml

   Extract all access group data.

   OrganizationPoliciesFilter.xml

   Extract all access group and policy data for a particular organization. Before using this file, it should be edited to specify the required organization ID. The policy data owned by this organization ID will be extracted.

   schema_name

   Optional: The name of target database schema. This name is normally the same as database_user.

   For example:

   • ./acpextract.sh mall dbuser dbusrpwd ACPoliciesfilter.xml

   • acpextract.cmd mall dbuser dbusrpwd ACPoliciesfilter.xml

4. Check for errors in the log files. Note that errors might not appear on the command line.

   • Check the acpextract.log and messages.txt files... WC_INSTALL/logs

   • WC_USER/instances/acpextract.log

   • WC_USER/instances/ instance/logs/messages.txt

   • Any error files generated in WC_INSTALL/xml/policies/xml directory.

   The following files are created WC_INSTALL/xml/policies/xml directory.

   ExtractedACPolicies.xml

   Contains data extracted by the acpextract utility for the given filter criteria.

   ExtractedACPolicies.dtd

   The DTD for the ExtractedACPolicies.xml file.

   AccessControlUserGroups.xml

   The file containing the access group definitions.

   AccessControlPolicies.xml

   The file containing the language-independent access control policy information.

   AccessControlPolicies_ locale.xml

   The language-dependent access control policies file that contains the display names and descriptions.

+

Search Tips   |   Advanced Search