Loading access control policy definitions and other policy-related elements

To load access control policy definitions, run the acpload script. This script loads the following elements: <Action>, <ActionGroup>, <Attribute>, <ResourceCategory>, <ResourceGroup>, <Relation>, <RelationGroup>, <Policy>, <PolicyGroup>.

1. To load the access groups and access control policies, you need to run the following related utilities in this sequence:

   1. acugload (loads the user access group definitions)

   2. acpload (loads the main access control policy)

   3. acpnlsload (loads the display names and descriptions)

2. If we create customized XML files, you need to copy them into the following directory to have them loaded into the databases.

   • (Linux) utilities_root /xml/policies/xml

   • (Developer) WCDE_installdir \xml\policies\xml

3. When creating a custom policy, do not alter the defaultAccessControlPolicies.xml file. Use this file as a reference to see the structure when creating a custom policy.

Procedure

1. Ensure that you have loaded the user access group definitions.

2. Copy our customized access control policy files to the following directory:

   • (Linux) utilities_root /xml/policies/xml

   • (Developer) WCDE_installdir \xml\policies\xml

   The customized XML files must conform to the accesscontrolpolicies.dtd file in the following directory:

   • (Linux) utilities_root /xml/policies/dtd

   • (Developer) WCDE_installdir \xml\policies\dtd

3. To run the utility:

   We must login as a user which has the following permissions:

   • Read/write/execute authority to these directories, subdirectories, and files.

     • (Linux) utilities_root/xml/policies and utilities_root/logs

     • (Developer) WCDE_installdir\xml\policies and WCDE_installdir\logs

   • Read/execute authority to the following directory and its files.

     • (Linux) utilities_root /bin

     • (Developer) WCDE_installdir \bin

     If the user does not have the required authority, you need to grant this authority using the chmod command.

4. From the (Linux) utilities_root/bin or (Developer) WCDE_installdir\bin directory, type the following:

   • (Linux) ./acugload.sh userGroups_xml_file

   • (Developer) .\acugload.sh userGroups_xml_file

   where:

   policies_xml_file

   Required: The input policy XML file that specifies what policy data to load into the database.

   • For example: (Linux)

     ./acpload.sh opt/WebSphere/CommerceServer90/xml/policies/xml/defaultAccessControlPolicies.xml

5. Check for errors in the log files. Note that errors might not appear on the command line.

   1. Check the wc-acTransform.log and wc-acLoad.log files in the following directory:

      • (Linux) utilities_root/logs

      • (Developer) WCDE_installdir\logs

   2. Any error files generated in the (Linux) utilities_root/xml/policies/xml or (Developer) WCDE_installdir\xml\policies\xml directory.

6. Update the registries: Access Control Policies and Access Control Policy Groups.