Loading access groups and access control policies

To load user access group definitions, run the acugload script. This script loads the <UserGroup> element.

  1. Copy your customized access control policy files to the following directory:

    The customized XML files must conform to the ACUserGroups.dtd file in the following directory:

  2. AIXLinuxSun Solaris Operating EnvironmentLogin as the database user ID.
    Note: The database user ID must have the following permission in order to proceed with the steps:
    • read/write/execute authority to the directories, subdirectories, and files in these directories:
    • read/execute authority to the WC_installdir/bin directory and its files.

    If the database user ID does not have the required authority, you need to grant this authority using the chmod command.

  3. From the WC_installdir/bin directory, type the following:

    AIXi5/OSiSeriesLinuxSun Solaris Operating Environment./acugload.sh database_namedatabase_userdatabase_user_passworduserGroups_xml_fileschema_name
    Windowsacugload.cmd database_namedatabase_userdatabase_user_passworduserGroups_xml_fileschema_name

    where:

    database_name
    (Required) Name of the database in which to load the policy.
    database_user
    (Required) Name of the database user who can connect to the database.
    database_user_password
    (Required) The associated password for the database user.
    userGroups_xml_file
    (Required) The input policy XML file that specifies what user (access) group definitions data to load into the database.
    schema_name
    (Optional) The name of target database schema. This name is normally the same as database_user.

    For example:

    AIXi5/OSiSeriesLinuxSun Solaris Operating Environment ./acugload.cmd mall dbuser dbusrpwd ACUserGroups_en_US.xml
    Windowsacugload.cmd mall dbuser dbusrpwd ACUserGroups_en_US.xml

  4. Check the acugload.log file. Any errors that may occur while running this script will not appear on the command line.
  5. Proceed to Loading access control policy definitions and other policy-related elements (acpload).
Notes:
  1. To load the access groups and access control policies, you need to run the following related utilities in this sequence:
    1. acugload (loads the user access group definitions)
    2. acpload (loads the main access control policy)
    3. acpnlsload (loads the display names and descriptions)
  2. If you create customized XML files, you need to copy them into the WC_installdir/xml/policies/xml directory to have them loaded into the databases.
  3. There is a setting in the loading scripts that specifies the following parameter setting while resolving ID's and loading the data to the database: "-maxerror 100000".This means that if there up to 100000 foreign key violations while loading the data, they will be ignored, instead of aborting. This value can be increased or decreased as needed. For example, if you want to stop after one such error, you would change the value to 1.
  4. i5/OSiSeriesIf you create customized XML files, you must use the full path to the DTD in your file. The access control policies DTDs are located in WC_installdir/xml/policies/dtd.
  5. When creating a custom policy, do not alter the ACUserGroups_locale.xml file. Use this file as a reference to see the structure when creating your custom policy.

Feedback