Secure > Authorization > Customize default access control policies > Load access control policy data

Load access groups

To load user access group definitions, run the acugload script. This script loads the <UserGroup> element.

Notes:

1. To load the access groups and access control policies, run the following related utilities in this sequence:

   1. acugload (loads the user access group definitions)

   2. acpload (loads the main access control policy)

   3. acpnlsload (loads the display names and descriptions)

2. If you create customized XML files, copy them into the WC_INSTALL /xml/policies/xml directory to have them loaded into the databases.

3. There is a setting in the loading scripts that specifies the following parameter setting while resolving ID's and loading the data to the database: "-maxerror 100000".This means that if there up to 100000 foreign key violations while loading the data, they will be ignored, instead of aborting. This value can be increased or decreased as needed. For example, to stop after one such error, you would change the value to 1.

4. If you create customized XML files, use the full path to the DTD in the file. The access control policies DTDs are located in WC_INSTALL/xml/policies/dtd.

5. When creating a custom policy, do not alter the ACUserGroups_ locale.xml file. Use this file as a reference to see the structure when creating the custom policy.

Procedure

1. Copy the customized access control policy files to the following directory:

   • WC_INSTALL/xml/policies/xml

   • WC_INSTALL\xml\policies\xml

   The customized XML files must conform to the ACUserGroups.dtd file...

   • WC_INSTALL/xml/policies/dtd

   • WC_INSTALL\xml\policies\dtd

2. To run the utility:

   You must login as a user which has the following permissions:

   • Read/write/execute authority to the directories, subdirectories, and files of WC_INSTALL/xml/policies and WC_INSTALL/logs.

   • Read/execute authority to the WC_INSTALL/bin directory and its files.

     If the user does not have the required authority, grant this authority using the chmod command.

   You must login with a profile which has the following permissions:

   • Read/write/execute authority to files under WC_INSTALL/xml/policies, WC_USER /instances and WC_USER/instances/ instance/logs.

   • Read/execute authority to the WC_INSTALL/bin directory and its files.

     For example, define the profile with USRCLS *SECOFR.

3. From the WC_INSTALL/bin directory, type the following:

   • ./acugload.sh database_name database_user database_user_password userGroups_xml_file schema_name

   • acugload.cmd database_name database_user database_user_password userGroups_xml_file schema_name

   • acugload userGroups_xml_file

   Where:

   database_name

   Required: Name of the database in which to load the policy.

   database_user

   Required: Name of the database user who can connect to the database.

   database_user_password

   Required: The associated password for the database user.

   userGroups_xml_file

   Required: The input policy XML file that specifies what user (access) group definitions data to load into the database.

   schema_name

   Optional: The name of target database schema. This name is normally the same as database_user.

   For example:

   ./ acugload.cmd mall dbuser dbusrpwd ACUserGroups_en_US.xml acugload.cmd mall dbuser dbusrpwd ACUserGroups_en_US.xml

4. Check for errors in the log files. Note that errors might not appear on the command line.

   1. Check the acugload.log and messages.txt files...

      • WC_INSTALL/logs

   2. 
      

      • WC_USER/instances/acugload.log

      • WC_USER/instances/ instance/logs/messages.txt

   3. Any error files generated in WC_INSTALL/xml/policies/xml directory.

5. Proceed to Load access control policy definitions and other policy-related elements (acpload).

+

Search Tips   |   Advanced Search