Extracting policy and access group definitions

The extraction process reads the access control policy and access group information in the database and generates files that capture the information in XML format. The extraction utility uses an input filter XML file to specify which data to extract from the database. You can extract all access group and policy data, all access group data, or all access group and policy data owned by a particular organization.

You should maintain consistency between the XML files and the access control information in the database for several reasons:

When you have finalized and tested your policy changes, you should update the XML files to keep them in sync with policy information in the databases. For a description of the different XML files related to access control policies and access groups, see Defining access control policy elements using XML. Explanations on how to extract policy changes from the databases into the XML files and how to load the policy information from the XML files into the databases are also included.

To extract data, use the appropriate filter file:

  1. If you are extracting access group and policy data for a particular organization, edit the OrganizationPoliciesFilter.xml filter file to specify the organization ID. The OrganizationPoliciesFilter.xml is located in the following directory:

    1. AIXi5/OSiSeriesLinuxSun Solaris Operating EnvironmentWC_installdir/xml/policies/xml
    2. WindowsWC_installdir\xml\policies\xml

    Search for all instances of "member_id" and modify the associated value to the organizational ID for which you want to extract the policies.

  2. i5/OSiSeriesAIXSun Solaris Operating EnvironmentLinux Login as the database user ID.

  3. From the WC_installdir/bin directory, type the following:

    Windowsacpextract.cmd database_namedatabase_userdatabase_user_passwordfilter_fileschema_name
    i5/OSiSeriesAIXSun Solaris Operating EnvironmentLinuxacpextract.sh database_namedatabase_userdatabase_user_passwordfilter_fileschema_name

    where:

    database_name
    (Required) Name of the database in which to load the policy.
    database_user
    (Required) Name of the database user who can connect to the database.
    database_user_password
    (Required) The associated password for the database user.
    filter_file
    (Required)
    ACPoliciesfilter.xml
    Extracts all access group and policy data.
    ACUserGroupsFilter.xml
    Extract all access group data.
    OrganizationPoliciesFilter.xml
    Extract all access group and policy data for a particular organization. Before using this file, it should be edited to specify the required organization ID. The policy data owned by this organization ID will be extracted.
    schema_name
    (Optional) The name of target database schema. This name is normally the same as database_user.

    For example:

    i5/OSiSeriesAIXSun Solaris Operating Environment./acpextract.sh mall dbuser dbusrpwd ACPoliciesfilter.xml
    Windowsacpextract.cmd mall dbuser dbusrpwd ACPoliciesfilter.xml

  4. Check the acpextract.log file. Any errors that may occur while running this script will not appear on the command line.

The following files are created WC_installdir/xml/policies/xml directory.

ExtractedACPolicies.xml
Contains data extracted by the Extract utility for the given filter criteria.
ExtractedACPolicies.dtd
The DTD for the ExtractedACPolicies.xml file.
AccessControlUserGroups.xml
The file containing the access group definitions.
AccessControlPolicies.xml
The file containing the language-independent access control policy information.
AccessControlPolicies_locale.xml
The language-dependent access control policies file that contains the display names and descriptions.

Feedback