Use the Update Security task

Use the Update Security task to apply inherited access permissions and remove existing item access permissions for all items or all items of a given type. This task is useful as a post-migration step, or if you are applying major changes to your inheritance settings.

This task requires either:

• WebSphere Portal version 6.1.0.0 with either the PK69096 migration interim fix or the PK70148 cumulative interim fix or higher.

• WebSphere Portal version 6.1.0.1 or higher.

Running the Update Security task

1. Open a command prompt.

2. To apply inherited access permissions to all items in a library named "MyLibrary" for all roles, run the following command from profile_root/ConfigEngine:

   Windows: ConfigEngine.bat run-wcm-admin-task-update-security -DWasPassword=password -DPortalAdminId=username -DPortalAdminPwd=password -DWasPassword=password -Dlibrary=MyLibrary -DinheritPerms=apply

   UNIX: ./ConfigEngine.sh run-wcm-admin-task-update-security -DWasPassword=password -DPortalAdminId=username -DPortalAdminPwd=password -DWasPassword=password -Dlibrary=MyLibrary -DinheritPerms=apply

   i5/OS: ConfigEngine.sh run-wcm-admin-task-update-security -DWasPassword=password -DPortalAdminId=username -DPortalAdminPwd=password -DWasPassword=password -Dlibrary=MyLibrary -DinheritPerms=apply

   An administrator user name and password is not required if you have already specified the portal administrator user name and password using the PortalAdminId and PortalAdminPwd settings in the wkplc.properties file.

3. To remove inherited access permissions to all items in a library named "MyLibrary" for all roles, run the following command:

   Windows: ConfigEngine.bat run-wcm-admin-task-update-security -DPortalAdminId=username -DPortalAdminPwd=password -DWasPassword=password -Dlibrary=MyLibrary -DinheritPerms=remove

   UNIX: ./ConfigEngine.sh run-wcm-admin-task-update-security -DPortalAdminId=username -DPortalAdminPwd=password -DWasPassword=password -Dlibrary=MyLibrary -DinheritPerms=remove

   i5/OS: ConfigEngine.sh run-wcm-admin-task-update-security -DPortalAdminId=username -DPortalAdminPwd=password -DWasPassword=password -Dlibrary=MyLibrary -DinheritPerms=remove

   An administrator user name and password is not required if you have already specified the portal administrator user name and password using the PortalAdminId and PortalAdminPwd settings in the wkplc.properties file.

4. To remove existing item access permissions for all items in a library named "MyLibrary" for all roles, run the following command:

   Windows: ConfigEngine.bat run-wcm-admin-task-update-security -DPortalAdminId=username -DPortalAdminPwd=password -DWasPassword=password -Dlibrary=MyLibrary -DremoveExistingPerms=true

   UNIX: ./ConfigEngine.sh run-wcm-admin-task-update-security -DPortalAdminId=username -DPortalAdminPwd=password -DWasPassword=password -Dlibrary=MyLibrary -DremoveExistingPerms=true

   i5/OS: ConfigEngine.sh run-wcm-admin-task-update-security -DPortalAdminId=username -DPortalAdminPwd=password -DWasPassword=password -Dlibrary=MyLibrary -DremoveExistingPerms=true

   An administrator user name and password is not required if you have already specified the portal administrator user name and password using the PortalAdminId and PortalAdminPwd settings in the wkplc.properties file.

Running the Update Security task for all libraries

You can run the Update Security task for all libraries by replacing the option -Dlibrary=libraryName with the option -DallLibraries=true in the command. If neither option is specified, the Update Security task will process the default library.

Restrict the task to only update specified items types

You can restrict which objects types are processed by appending -DrestrictOn=ItemType to the command.

For example: -DrestrictOn=Content,Style,Template,Taxonomy,Category,Site,SiteArea,Workflow,WorkflowStage,WorkflowAction,Cmpnt.

If not specified, the security of all object types will be updated.

Preserving dates

You can preserve the last modified date of items updated by the Update Security task by adding -DpreserveDates=true to the command. Otherwise the last modified date will be updated when the Update Security task is run.

Defining the session timeout

To prevent your session timing out before the task has finished, you can append the option -DsessionTimeOut=timeOut to the command. This sets the number of seconds in which the task must complete before its session will timeout. The default session timeout is 14,440 seconds, which is 4 hours. For large repositories you should increase this setting.

For example: -DsessionTimeOut=36000, which is 10 hours.

Examples

All of the options can be combined.

For instance, to remove existing item access permissions and apply inherited access permissions to Content in the a library called 'MyLibrary', whilst preserving the last modified dates of the items, run the following command:

Windows: ConfigEngine.bat run-wcm-admin-task-update-security -DWasPassword=password -Dlibrary=MyLibrary -DremoveExistingPerms=true -DinheritPerms=apply -DrestrictOn=Content -DpreserveDates=true

UNIX: ./ConfigEngine.sh run-wcm-admin-task-update-security -DWasPassword=password -Dlibrary=MyLibrary -DremoveExistingPerms=true -DinheritPerms=apply -DrestrictOn=Content -DpreserveDates=true

i5/OS: ConfigEngine.sh run-wcm-admin-task-update-security -DWasPassword=password -Dlibrary=MyLibrary -DremoveExistingPerms=true -DinheritPerms=apply -DrestrictOn=Content -DpreserveDates=true

Parent topic:

Maintaining Web content

---