PolicySetManagement


 

+

Search Tips   |   Advanced Search

 

Use the Jython or Jacl scripting languages to manage policy set configurations with wsadmin. Use the commands and parameters in the PolicySetManagement group to create, delete, and manage policy set, policy, and policy set attachment configurations.

Before you use the commands in this topic, verify that we are using the most recent version of wsadmin. The policy set management commands that accept a properties object as the value for the attributes or bindingLocation parameters are not supported on previous versions of wsadmin. For example, the commands do not run on a V6.1.0.x node.

Use the following commands to manage policy set configurations:

Use the following commands to manage policy settings:

Use the following commands to manage policy set attachments:

Use the following commands to manage policy set bindings:

 

listPolicySets

The listPolicySets command returns a list of all existing policy sets. If administrative security is enabled, each user role can use this command.

Target object

None.

Optional parameters

-policySetType

Type of policy set. Specify application to display application policy sets. Specify system to display system policy sets for trust service or WS-MetadataExchange attachments.

Specify system/trust to display the policy sets for the trust service. Specify default to display the default policy sets. The default value for this parameter is application. (String, optional)

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Return value

The command returns a list of all existing policy sets. Each entry in the list is the name of a policy set.

Batch mode example usage

Interactive mode example usage

 

getPolicySet

The getPolicySet command returns general attributes, such as description and default indicator, for the specified policy set. If administrative security is enabled, each user role can use this command.

Target object

None.

Required parameters

-policySet

Policy set name. For a list of all policy set names, use the listPolicySets command. (String, required)

Optional parameters

-isDefaultPolicySet

Specifies whether to display a default policy set. The default value is false. (Boolean, optional)

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Return value

The command returns a list of attributes for the specified policy set name.

Batch mode example usage

Interactive mode example usage

 

createPolicySet

The createPolicySet command creates a new policy set. Policies are not created with the policy set. The default indicator is set to false.

If administrative security is enabled, use the Administrator role to create policy sets.

Target object

None.

Required parameters

-policySet

Name of the policy set. (String, required)

Optional parameters

-description

Adds a description for the policy set. (String, required)

-policySetType

Type of policy set. When the value is application, the command creates application policy sets. When the value is system, the command creates a policy set that we can use for trust service or WS-MetadataExchange attachments. When the value is system/trust, the command creates a policy set for the trust service. The default value for this parameter is application. (String, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

copyPolicySet

The copyPolicySet command creates a copy of an existing policy set. By default, the policy set attachments are transferred to the new policy set.

If administrative security is enabled, use the Administrator role to copy policy sets.

Target object

None.

Required parameters

-sourcePolicySet

Name of the existing policy set to copy. (String, required)

-newPolicySet

Name of the new policy set we are creating. (String, required)

-newDescription

Description for the new policy set. (String, required)

Optional parameters

-transferAttachments

If this parameter is set to true, all attachments transfer from the source policy set to the new policy set. The default value is false. (Boolean, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

deletePolicySet

The deletePolicySet command deletes the specified policy set. If attachments exist for the policy set, the command returns a failure message.

If administrative security is enabled, use the Administrator role to delete policy sets.

Target object

None.

Required parameters

-policySet

Name of the policy set to delete. (String, required)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

updatePolicySet

The updatePolicySet command enables you to input an attribute list to update the policy set. Use this command to update all attributes for the policy set, or a subset of attributes.

If administrative security is enabled, use the Administrator role to update policy set configurations.

Target object

None.

Required parameters

-policySet

Name of the policy set to update. (String, required)

-attributes

Properties object that contains the attributes to update for the specified policy set. (Properties, required)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

addPolicyType

The addPolicyType command adds a policy with default values for the specified policy set. You must indicate whether to enable or disable the added policy.

If administrative security is enabled, use the Administrator role to add policies.

Target object

None.

Required parameters

-policySet

Name of the policy set to update. (String, required)

-policyType

Name of the policy to add to the policy set. (String, required)

-enabled

If this parameter is set to true, new policy is enabled in the policy set. If this parameter is set to false, the configuration is contained within the policy set but the configuration does not have an effect on the system. (Boolean, required)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

deletePolicyType

The deletePolicyType command deletes a policy from a policy set.

If administrative security is enabled, use the Administrator role to remove policies from the configuration.

Target object

None.

Required parameters

-policySet

Name of the policy set to update. (String, required)

-policyType

Name of the policy to remove from the policy set. (String, required)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

validatePolicySet

The validatePolicySet command validates the policy set configuration.

If administrative security is enabled, use the Administrator role to validate policy sets.

Target object

None.

Required parameters

-policySet

Policy set to update. (String, required)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

exportPolicySet

The exportPolicySet command exports a policy set as an archive that can be copied onto a client environment.

If administrative security is enabled, use the Administrator role to export policy sets.

Target object

None.

Required parameters

-policySet

Policy set to export. (String, required)

-pathName

Path name of the archive file to create. (String, required)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

importPolicySet

The importPolicySet command imports a policy set from a compressed archive file or from a selection of default policy sets onto the server environment.

If administrative security is enabled, use the Administrator role to import policy sets.

Target object

None.

Optional parameters

-importFile

Path name of the archive file to import. (String, optional)

-defaultPolicySet

Name of the default policy set to import. (String, optional)

-policySet

Name to assign to the new policy set. If we do not specify this parameter, the system uses the original name of the policy set. (String, optional)

-verifyPolicySetType

Specifies that the policy set type to import matches a specific type. Specify system or system/trust to verify that the policy set to import is a type of system policy set, including trust service policy sets. Specify application to verify that the policy set is an application policy set. (String, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

listPolicyTypes

The listPolicyTypes command returns a list of the names of the policies configured on your system. The input parameters allow us to list each policy type configured in the system, the policy types configured in a policy set, or the policy types in a binding.

If administrative security is enabled, each admin role can list policy types.

Target object

None.

Optional parameters

-policySet

Name of the policy set to query for policies. If the policy set is not specified, the command lists all policies defined in the configuration. (String, optional)

-bindingLocation

Location of the binding. This value is cell-wide default binding, server-specific default binding, or attachment-specific binding. Specify the bindingLocation parameter as a properties object following these guidelines:

  • For cell-wide default binding, use a null or empty properties.

  • For server-specific default binding, specify the node and server names in the properties. The property names are node and server. Server-specific default bindings are deprecated.

  • For attachment-specific binding, specify the application name and attachment ID in the properties. The property names are application and attachmentId.

  • For system bindings, set the systemType property as trustService.

  • For WSNClient binding, specify the bus name, service name, and attachment ID in the properties. The property names are bus, WSNService, and attachmentId.

(Properties, optional)

-attachmentType

Specifies whether the attachment type is an application binding, client binding, trust service binding, or WS-Notification client binding. (String, optional)

For transitioning users: The application and system/trust values for the -attachmentType parameter are deprecated. Specify the provider value in place of the application value. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-bindingName

Specific general binding. If we specify this parameter, the system displays policy types in the specific binding. (String, optional)

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Return value

The command returns a list of policy types.

Batch mode example usage

Interactive mode example usage

 

getPolicyType

The getPolicyType command returns the attributes for a specified policy.

If administrative security is enabled, each admin role can query attributes for policies.

Target object

None.

Required parameters

-policySet

Name of the policy set to query. (String, required)

-policyType

Name of the policy of interest. (String, required)

Optional parameters

-attributes

Specific attributes to display. If this parameter is not used, the command returns all attributes for the specified policy. (String[], optional)

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Return value

The command returns a properties object containing the policy attributes.

Batch mode example usage

Interactive mode example usage

 

setPolicyType

The setPolicyType command updates the attributes of a specified policy.

The admin console command assistance provides incorrect Jython syntax for the setPolicyType command. The XPath expression for the response message part protection of the Username WSSecurity policy set contains single quotes (') within each XPath property value, which Jython does not support. To fix the command from the admin console command assistance, add a backslash character (\) before each single quote to escape the single quote.

If administrative security is enabled, use the Administrator role to configure policies.

Target object

None.

Required parameters

-policySet

Name of the policy set of interest. (String, required)

-policyType

Name of the policy of interest. (String, required)

-attributes

Specific attributes to be updated. The properties could include all of the policy attributes or a subset of attributes. (Properties, required)

Optional parameters

-replace

Indicates whether the new attributes provided from the command replace the existing policy attributes. For policies with complex data, we can remove optional parts of the configuration when necessary. Use this parameter to get all attributes, perform edits, and replace the binding configuration with the edited data. The default value is false. (Boolean, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

getPolicyTypeAttribute

The getPolicyTypeAttribute command returns the value for the specified policy attribute.

If administrative security is enabled, each admin role can query policy type attribute values.

Target object

None.

Required parameters

-policySet

Name of the policy set of interest. (String, required)

-policyType

Name of the policy of interest. (String, required)

-attributeName

Name of the attribute of interest. (String, required)

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Optional parameters

-fromDefaultRepository

Specifies whether to use the default repository. (Boolean, optional)

Return value

The command returns a string that contains the value of the specified attribute.

Batch mode example usage

Interactive mode example usage

 

setPolicyTypeAttribute

The setPolicyTypeAttribute command sets the value for the specified policy attribute.

If administrative security is enabled, use the Administrator role to configure policy attributes.

Target object

None.

Required parameters

-policySet

Name of the policy set of interest. (String, required)

-policyType

Name of the policy of interest. (String, required)

-attributeName

Name of the attribute of interest. (String, required)

-attributeValue

Value of the attribute of interest. (String, required)

Return value

If the attribute is successfully added to the policy, the command returns the true string value.

Batch mode example usage

Interactive mode example usage

 

getPolicySetAttachments

The getPolicySetAttachments command lists the properties for all policy set attachments configured in a specified application.

If administrative security is enabled, each admin role can query for policy set attachments.

Target object

None.

Optional parameters

-applicationName

Name of the application to query for policy set attachments. For application and client attachments, this parameter is required. Optional.to query for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: The application and system/trust values for the -attachmentType parameter are deprecated. Specify the provider value in place of the application value. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-expandResources

Provides expanded information that details the attachment properties for each resource. An asterisk ( * ) character returns all Web services. This parameter is valid if the value for the -attachmentType parameter is set to provider or client. (String, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. (Properties, optional)

Return value

The command returns a list of properties for each attachment in the application, including the policy set name, attachment ID, and resource list. If specify the expandResources parameter, the command returns the resource, attachmentId, policySet, binding, and directAttachment properties. If a resource is not attached to a policy set, then the system only displays the resource property. The binding property only exists if the attachment contains a custom binding.

Batch mode example usage

Interactive mode example usage

 

createPolicySetAttachment

The createPolicySetAttachment command creates a new policy set attachment for an application. When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to create policy set attachments. If we have access to a specific resource only, we can create policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to create policy set attachments. If we have access to a specific resource only, we can create policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can create policy set attachments for application resources only.
Operator The Operator role cannot create policy set attachments.
Monitor The Monitor role cannot create policy set attachments.

Target object

None.

Required parameters

-policySet

Name of the policy set to attach. (String, required)

-resources

Name of the application resources to attach to the policy set. (String[], required)

Optional parameters

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. Optional.for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: The application and system/trust values for the -attachmentType parameter are deprecated. Specify the provider value in place of the application value. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-dynamicClient

Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. (Properties, optional)

Return value

The command returns a string with the ID of the new attachment.

Batch mode example usage

Interactive mode example usage

 

updatePolicySetAttachment

The updatePolicySetAttachment command updates the resources that apply to a policy set attachment. When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to configure policy set attachments. If we have access to a specific resource only, we can configure policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to configure policy set attachments. If we have access to a specific resource only, we can configure policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can configure policy set attachments for application resources only.
Operator The Operator role cannot configure policy set attachments.
Monitor The Monitor role cannot configure policy set attachments.

Target object

None.

Required parameters

-attachmentId

Name of the attachment to update. (String, required)

-resources

Names of the application resources to attach to the policy set. (String, required)

Optional parameters

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. Optional.for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: The application and system/trust values for the -attachmentType parameter are deprecated. Specify the provider value in place of the application value. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-dynamicClient

Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. (Properties, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

addToPolicySetAttachment

The addToPolicySetAttachment command adds additional resources that apply to a policy set attachment. When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to add resources to policy set attachments. If we have access to a specific resource only, we can add resources to policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to add resources to policy set attachments. If we have access to a specific resource only, we can add resources to policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can add resources to policy set attachments for application resources only.
Operator The Operator role cannot add resources to policy set attachments.
Monitor The Monitor role cannot add resources to policy set attachments.

Target object

None.

Required parameters

-attachmentId

Name of the attachment to update. (String, required)

-resources

Names of the application resources to attach to the policy set. (String, required)

Optional parameters

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. Optional.for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: The application and system/trust values for the -attachmentType parameter are deprecated. Specify the provider value in place of the application value. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-dynamicClient

Set this parameter to true, the system will not recognize the client resources. This option specifies that the client resources are not validated. (Boolean, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. (Properties, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

removeFromPolicySetAttachment

The removeFromPolicySetAttachment command removes resources that apply to a policy set attachment. When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to remove resources from policy set attachments. If we have access to a specific resource only, we can remove resources for which you have access.
Configurator The Configurator role must have cell-wide access to remove resources from policy set attachments. If we have access to a specific resource only, we can remove the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can remove resources from policy set attachments for application resources only.
Operator The Operator role cannot remove resources from policy set attachments.
Monitor The Monitor role cannot remove resources from policy set attachments.

Target object

None.

Required parameters

-attachmentId

Name of the attachment to remove. (String, required)

-resources

Names of the application resources to attach to the policy set. (String, required)

Optional parameters

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. Optional.for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: The application and system/trust values for the -attachmentType parameter are deprecated. Specify the provider value in place of the application value. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. (Properties, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

deletePolicySetAttachment

The deletePolicySetAttachment command removes a policy set attachment from an application. When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, we can delete policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, we can delete policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can delete policy set attachments for application resources only.
Operator The Operator role cannot delete policy set attachments.
Monitor The Monitor role cannot delete policy set attachments.

Target object

None.

Required parameters

-attachmentId

Name of the attachment to delete. (String, required)

Optional parameters

-applicationName

Name of the application of interest for policy set attachments. For application and client attachments, this parameter is required. Optional.for trust service attachments. (String, optional)

-attachmentType

Type of policy set attachments. (String, optional)

For transitioning users: The application and system/trust values for the -attachmentType parameter are deprecated. Specify the provider value in place of the application value. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attachmentProperties

Specifies information that is required to identify the location of the attachment. For WSNClient attachments, specify the attachmentType parameter as client, and use the -attachmentProperties parameter to specify the bus and WSNService properties. For system policy set attachments, specify the attachmentType parameter as provider, and use the -attachmentProperties parameter to set the systemType property value to trustService. (Properties, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

listAssetsAttachedToPolicySet

The listAssetsAttachedToPolicySet command lists the applications or WS-Notification service clients to which a specific policy set is attached.

If administrative security is enabled, each admin role can list applications that are attached to policy sets.

Target object

None.

Required parameters

-policySet

Name of the policy set of interest. (String, required)

Optional parameters

-attachmentType

Type of policy set attachments. The value for this parameter must be provider, client, WSNClient, WSMex, or all. The default value is all. (String, optional)

Return value

The command returns a list of properties that describe each asset. Each properties object contains the assetType property, which specifies the type of asset.

Batch mode example usage

Interactive mode example usage

 

listAttachmentsForPolicySet

The listAttachmentsForPolicySet command lists the applications to which a specific policy set is attached.

If administrative security is enabled, each admin role can query for policy set attachments.

Target object

None.

Required parameters

-policySet

Name of the policy set of interest. (String, required)

Optional parameters

-attachmentType

Type of policy set attachments. The value for this parameter must be application, client, or system/trust. The default value is application. (String, optional)

Return value

The command returns a list of application names.

Batch mode example usage

Interactive mode example usage

 

deleteAttachmentsForPolicySet

The deleteAttachmentsForPolicySet command removes all attachments for a specific policy set. When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, we can delete policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to delete policy set attachments. If we have access to a specific resource only, we can delete policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can delete policy set attachments for application resources only.
Operator The Operator role cannot delete policy set attachments.
Monitor The Monitor role cannot delete policy set attachments.

Target object

None.

Required parameters

-policySet

Name of the policy set from which to remove the attachments. (String, required)

Optional parameters

-applicationName

Name of the application of interest. The command only deletes attachments for the application of interest if we specify this parameter. (String, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. We can specify values for the bus and WSNService properties. (Properties, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

transferAttachmentsForPolicySet

The transferAttachmentsForPolicySet command transfers all attachments from one policy set to another policy set. When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to transfer policy set attachments. If we have access to a specific resource only, we can transfer policy set attachments for the resource for which we have access.
Configurator The Configurator role must have cell-wide access to transfer policy set attachments. If we have access to a specific resource only, we can transfer policy set attachments for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can transfer policy set attachments for application resources only.
Operator The Operator role cannot transfer policy set attachments.
Monitor The Monitor role cannot transfer policy set attachments.

Target object

None.

Required parameters

-sourcePolicySet

Source policy set from which to copy attachments. (String, required)

-destinationPolicySet

Name of the policy set to which the attachments are copied. (String, required)

Optional parameters

-applicationName

Name of the application of interest. The command only transfers attachments for the application of interest if we specify this parameter. (String, optional)

-attachmentProperties

Specifies information that is required to identify the location of the attachment. We can specify values for the bus and WSNService properties. (Properties, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

getBinding

The getBinding command returns the binding configuration for a specified policy and scope. We can use the getBinding command to return a list of available custom bindings, which includes bindings that are and are not referenced by attachments.

If administrative security is enabled, each admin role can query for binding configuration information.

For transitioning users: In WAS Version 7.0, the security model is enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of WAS ND. In the WAS V 6.1 Feature Pack for Web Services, we can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In V7.0, we can configure one or more general service provider bindings and one or more general service client bindings. After we have configured general bindings, we can specify which of these bindings is the global default binding. We can also optionally specify general binding that are used as the default for an appserver or a security domain. trns

To support a mixed-cell environment, WAS supports V7.0 and V6.1 bindings. General cell-level bindings are specific to V7.0 Application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the appserver determines the required binding version to use for application.

Target object

None.

Required parameters

-policyType

Policy of interest. (String, required)

-bindingLocation

Location of the binding. (Properties, required)Specify the bindingLocation parameter as a properties object following these guidelines:

  • For cell-wide general binding or WAS Version 6.1 cell default bindings, specify a null or empty properties.

  • For WAS V6.1 server-specific default binding, specify the node and server names in the properties. The property names are node and server. Server-specific default bindings are deprecated.

  • For WAS V7.0 server default bindings, specify a null or empty properties. Use the bindingName parameter to identify the binding location.

  • For attachment-specific, specify the application name and attachment ID in the properties. The property names are application and attachmentId.

  • For WSNClient bindings, specify the bus name, service name, and attachment ID in the properties. The property names are bus, WSNService, and attachmentId. If we specify an asterisk character (*) as the attachment ID, then the command returns the list of binding names that corresponds to the attachment type of interest.

  • For system/trust bindings, set the systemType property as trustService.

Optional parameters

-attachmentType

Type of policy set attachment. Use this parameter to distinguish between types of attachment custom bindings. (String, optional)

For transitioning users: The application and system/trust values for the -attachmentType parameter are deprecated. Specify the provider value in place of the application value. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attributes

Names of the attributes to return. If this parameter is not specified, the command returns all attributes. (String[], optional)

-bindingName

Binding name of interest. Specify to display a general cell-level binding or a custom attachment binding. (String, optional)

Return value

The command returns a properties object that contains the requested configuration attributes for the policy binding.

Batch mode example usage

Interactive mode example usage

 

setBinding

The setBinding command updates the binding configuration for a specified policy. Use this command to add a server-specific binding, update an attachment to use a custom binding, edit binding attributes, or to remove a binding configuration. When administrative security is enabled, verify that you use the correct administrative role, as the following table describes:

Administrative role Authorization
Administrator The Administrator role must have cell-wide access to configure bindings. If we have access to a specific resource only, we can configure custom bindings for the resource for which we have access. The Administrator role is the only role that can modify binding configurations.
Configurator The Configurator role must have cell-wide access to assign and unassign bindings. If we have access to a specific resource only, we can assign and unassign bindings for the resource for which we have access.
Deployer The Deployer role with cell-wide or resource specific access can assign or unassign bindings for application resources only.
Operator The Operator role cannot configure bindings.
Monitor The Monitor role cannot configure bindings.

For transitioning users: In WAS Version 7.0, the security model is enhanced to a domain-centric security model instead of a server-based security model. The configuration of the default global security (cell) level and default server level bindings has also changed in this version of WAS ND. In the WAS V 6.1 Feature Pack for Web Services, we can configure one set of default bindings for the cell and optionally configure one set of default bindings for each server. In V7.0, we can configure one or more general service provider bindings and one or more general service client bindings. After we have configured general bindings, we can specify which of these bindings is the global default binding. We can also optionally specify general binding that are used as the default for an appserver or a security domain. trns

To support a mixed-cell environment, WAS supports V7.0 and V6.1 bindings. General cell-level bindings are specific to V7.0 Application-specific bindings remain at the version that the application requires. When the user creates an application-specific binding, the appserver determines the required binding version to use for application.

Target object

None.

Required parameters

-bindingLocation

Location of the binding. (Properties, required)Specify the bindingLocation parameter as a properties object following these guidelines:

  • For cell-wide general binding or WAS Version 6.1 cell default bindings, specify a null or empty properties.

  • For WAS V6.1 server-specific default binding, specify the node and server names in the properties. The property names are node and server. Server-specific default bindings are deprecated.

  • For WAS V7.0 server default bindings, specify a null or empty properties. Use the bindingName parameter to identify the binding location.

  • For attachment-specific, specify the application name and attachment ID in the properties. The property names are application and attachmentId.

  • For WSNClient bindings, specify the bus name, service name, and attachment ID in the properties. The property names are bus, WSNService, and attachmentId. If we specify an asterisk character (*) as the attachment ID, then the command returns the list of binding names that corresponds to the attachment type of interest.

  • For system/trust bindings, set the systemType property as trustService.

-policyType

Policy of interest. (String, required)

Optional parameters

-attachmentType

Type of policy set attachment. Use this parameter to distinguish between types of attachment custom bindings. (String, optional)

For transitioning users: The application and system/trust values for the -attachmentType parameter are deprecated. Specify the provider value in place of the application value. For system policy set attachments, specify the provider value for the attachmentType parameter and the "[systemType trustService]" value for the -attachmentProperties parameter. For WSNClient attachments, specify the client value for the attachmentType parameter and the bus and WSNService properties with the -attachmentProperties parameter.trns

-attributes

Attribute values to update. This parameter can include all binding attributes for the policy or a subset to update. If the attributes parameter is not specified, the command only updates the binding location used by the specified attachment. (Properties, optional)

-bindingName

Name for the binding. Specify to assign a new name to an attachment binding or cell-level binding. A name is generated if it is not specified. (String, optional)

-domainName

Domain name for the binding. Required.when using the command to create and scope a binding to a specific domain other than the administrative security domain. The default value is global. (String, optional)

-replace

Specifies whether to replace all of the existing binding attributes with the attributes specified in the command. Use this parameter to remove optional parts of the configuration for policies with complex data. The default value is false. (Boolean, optional)

-remove

Specifies whether to remove a server-specific default binding or to remove a custom binding from an attachment. We cannot remove cell-level default binding. The default value is false. (Boolean, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

getDefaultBindings

The getDefaultBindings command displays the provider and client default bindings if the bindings are set. If the command does not return output, then the system default binding is the current default.

If administrative security is enabled, each admin role can query for default bindings.

Target object

None.

Optional parameters

-bindingLocation

Location of the binding. Specify the bindingLocation parameter as a properties object with values for the node and server properties. (Properties, optional)

-domainName

Domain name for the binding of interest. Required.if the domain of interest is not in the global security domain and you specified the bindingLocation parameter. The bindingLocation and domainName parameters are mutually exclusive. The default value is global. (String, optional)

Return value

The command returns a properties object that contains the names of the provider and client default bindings, if the bindings are set.

Batch mode example usage

Interactive mode example usage

 

getRequiredBindingVersion

The getRequiredBindingVersion command displays the version number of the binding for a specific application.

Target object

None.

Optional parameters

-assetProps

Name of the application of interest. (Properties, optional)

Return value

The command returns the binding version number as a number, such as 7.0.0.0 or 6.1.0.0.

Batch mode example usage

Interactive mode example usage

 

setDefaultBindings

The setDefaultBindings command to set a binding as the default binding.

If administrative security is enabled, use the Administrator role with cell-wide access to configure bindings. If we use the Administrator role and do not have cell-wide access, we can only configure bindings on resources for which we have access.

Target object

None.

Required parameters

-defaultBinding

Names of the default bindings for the provider, client, or both. (Properties, required)

Optional parameters

-bindingLocation

Location of the binding. Specify the bindingLocation parameter as a properties object with values for the node and server properties. (Properties, optional)

-domainName

Domain name for the binding of interest. Required.if the domain of interest is not in the global security domain and you specified the bindingLocation parameter. The bindingLocation and domainName parameters are mutually exclusive. The default value is global. (String, optional)

Return value

The command returns a value of true if the command successfully sets the default binding.

Batch mode example usage

Interactive mode example usage

 

exportBinding

The exportBinding command export a general, cell-level binding to an archive file. We can copy this file to a client environment or import the archive to a server environment.

If administrative security is enabled, use the Administrator role with cell-wide access to export bindings.

Target object

None.

Required parameters

-bindingName

Name of the binding to assign as the default binding. If we do not specify this parameter, the system specifies the system default as the default binding. (String, required)

-pathName

File path for the archive file to create. (String, required)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

importBinding

The importBinding command imports a general, cell-level binding from a compressed archive file to a server environment.

If administrative security is enabled, use the Administrator role with cell-wide access to import bindings.

Target object

None.

Required parameters

-pathName

File path for the archive file to import. (String, required)

Optional parameters

-bindingName

Name of the binding to assign as the imported binding. If we do not specify this parameter, the system specifies the binding name in the archive file. (String, optional)

-domainName

Specifies a new name of the domain of the binding to import. If we do not specify this parameter, the command uses the domain specified in the archive file. (String, optional)

-verifyBindingType

Verifies that the type of binding to import matches a specific binding type. Specify provider to verify that the binding to import is a provider binding, or specify client to verify that it is a client binding. (String, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

copyBinding

The copyBinding command creates a new general, cell-level binding from an existing binding.

If administrative security is enabled, use the Administrator role with cell-wide access to copy bindings.

Target object

None.

Required parameters

-sourceBinding

Name of the existing binding that the system uses to create the new binding. (String, required)

-newBinding

Name of the binding to create. (String, required)

Optional parameters

-newDescription

Description text for the new binding. (String, optional)

-domainName

Domain name for the binding. This parameter is only required if we scope the binding to a domain other than the domain of the source binding. (String, optional)

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage

 

upgradeBindings

The upgradeBindings command upgrades application bindings for a specific asset to the latest version.

If administrative security is enabled, use the Administrator role with cell-wide access to import bindings.

Target object

None.

Required parameters

-assetProps

Name of the asset of interest. Specify the name of the application as the value for the application property. (Properties, required)

Optional parameters None

Return value

The command returns a success or failure message.

Batch mode example usage

Interactive mode example usage




Related concepts


Web services policy sets

 

Related tasks


Set application and system policy sets for Web services using scripting
Create policy sets using wsadmin
Add and remove policies using wsadmin
Delete policy sets using wsadmin
Create policy set attachments using wsadmin
Manage policy set attachments using wsadmin
Remove policy set attachments using wsadmin

 

Related


Policy configuration properties for all policies