Extracting policy and access group definitions

The extraction process reads the access control policy and access group information in the database and generates files that capture the information in XML format. The extraction utility uses an input filter XML file to specify which data to extract from the database. You can extract all access group and policy data, all access group data, or all access group and policy data that is owned by a particular organization.

About this task

Maintain consistency between the XML files and the access control information in the database. By maintaining this consistency:

  • When you create an instance of WebSphere Commerce, the policy and access group definitions are loaded from the XML files.
  • The XML files offer a convenient way to directly view and edit your policies and their component parts so keeping the files up-to-date is essential.

When you finalize and test your policy changes, update the XML files to keep them in sync with policy information in the databases. For a description of the different XML files that are related to access control policies and access groups, see Defining access control policy elements using XML. Explanations on how to extract policy changes from the databases into the XML files and how to load the policy information from the XML files into the databases are also included.

To extract data, use the appropriate filter file:

Procedure

  1. If you are extracting access group and policy data for a particular organization, edit the OrganizationPoliciesFilter.xml filter file to specify the organization ID. The OrganizationPoliciesFilter.xml is in the following directory:
    • LinuxAIXFor IBM i OS operating system WC_installdir/xml/policies/xml
    • Windows WC_installdir\xml\policies\xml

    Search for all instances of "member_id" and modify the associated value to the organizational ID for which you want to extract the policies.

  2. To run the utility:

    LinuxAIXWindows You must log in as a user that has the following permissions:

    • Read/write/execute authority to the directories, subdirectories, and files of WC_installdir/xml/policies and WC_installdir/logs.
    • Read/execute authority to the WC_installdir/bin directory and its files.

      If the user does not have the required authority, you must grant this authority with the chmod command.

    For IBM i OS operating system You must log in with a profile that has the following permissions:
    • Read/write/execute authority to files under WC_installdir/xml/policies, WC_userdir/instances, and WC_userdir/instances/instance_name/logs.
    • Read/execute authority to the WC_installdir/bin directory and its files.

      For example, define the profile with USRCLS *SECOFR.

  3. From the WC_installdir/bin directory, type the following command.
    • Windows acpextract.cmd database_name database_user database_user_password filter_file schema_name
    • LinuxAIXFor IBM i OS operating system acpextract.sh database_name database_user database_user_password filter_file schema_name
    • Apache Derby acpextract filter_file
    where:
    database_name
    (Mandatory). Name of the database in which to load the policy.
    database_user
    (Mandatory). Name of the database user who can connect to the database.
    database_user_password
    (Mandatory). The associated password for the database user.
    filter_file
    (Mandatory).
    ACPoliciesfilter.xml
    Extracts all access group and policy data.
    ACUserGroupsFilter.xml
    Extract all access group data.
    OrganizationPoliciesFilter.xml
    Extract all access group and policy data for a particular organization. Before you use this file, ensure that it is edited to specify the organization ID. The policy data that is owned by this organization ID is extracted.
    schema_name
    The name of target database schema. This name is normally the same as database_user. If you have a single schema, this parameter is optional. If you have multiple schemas, such as a base and workspace schema, this parameter is mandatory. Run the access control policy extraction utility from the base schema.
    For example:
    • LinuxAIXFor IBM i OS operating system./acpextract.sh mall dbuser dbusrpwd ACPoliciesfilter.xml
    • Windowsacpextract.cmd mall dbuser dbusrpwd ACPoliciesfilter.xml
  4. Check for errors in the log files. Errors might not display on the command line.
    • LinuxAIXCheck the acpextract.log and messages.txt files in the following directory: WC_installdir/logs
    • For IBM i OS operating systemWC_userdir /instances/acpextract.log
    • For IBM i OS operating systemWC_userdir/instances/instance_name/logs/messages.txt
    • Any error files that are generated in WC_installdir/xml/policies/xml directory.
    The following files are created WC_installdir/xml/policies/xml directory.
    ExtractedACPolicies.xml
    Contains data that is extracted by the acpextract utility for the filter criteria.
    ExtractedACPolicies.dtd
    The DTD for the ExtractedACPolicies.xml file.
    AccessControlUserGroups.xml
    The file that contains the access group definitions.
    AccessControlPolicies.xml
    The file that contains the language-independent access control policy information.
    AccessControlPolicies_ locale.xml
    The language-dependent access control policies file that contains the display names and descriptions.