acpload utility
Overview
The acpload utility loads XML files containing access control policies into the appropriate databases.
The acpload utility does not unload access control policies. To delete or remove components of a policy, administrators can use the Organization Administration Console to perform these tasks.
The acpload utility only requires the parameter...
input_filenameThe test server should be stopped before running the utility.
If you create customized XML files, copy them into...
WC_INSTALL/xml/policies/xml...to have them loaded into the databases. Validate the XML files against the corresponding DTD changes.
There is a setting in the loading scripts that specifies the following parameter setting while resolving ID's and loading the data to the database:
-maxerror 100000This means that if there up to 100000 foreign key violations while loading the data, they will be ignored, instead of aborting. This value can be increased or decreased as needed. For example, stop after one such error, you would change the value to 1.
To load access groups and access control policies, run the following utilities in this sequence:
acugload Load the user access group definitions acpload Load the main access control policy acpnlsload Load the display names and descriptions If you create customized XML files, use the full path to the DTD in the file. The access control policies DTDs are located in...
WC_INSTALL/xml/policies/dtdTo run the utility, login using the non-root ID, which requires the following permissions:
- Read/write/execute authority to the directories, subdirectories, and files of...
WC_INSTALL/xml/policies
WC_INSTALL/logs
- Read/execute authority to...
WC_INSTALL/bin/*If the user does not have the required authority, grant this authority using the chmod command.
You must login with a profile which has the following permissions:
- Read/write/execute authority to files under...
WC_INSTALL/xml/policies
WC_USER/instances
WC_USER/instances/ instance/logs
- Read/execute authority to...
WC_INSTALL/bin/*For example, define the profile with USRCLS *SECOFR.
Check for errors in the log files. Note that errors might not appear on the command line.
- Check the acpload.log and messages.txt files...
WC_INSTALL/logs
WC_USER/instances/acpload.log
WC_USER/instances/ instance/logs/messages.txt
- Any error files generated in...
WC_INSTALL/xml/policies/xmlUpdate the registries: Access Control Policies and Access Control Policy Groups.
If your new view errors when pulled up in a web browser, it could be because an access control policy for the view was not created and loaded using acpload.
Parameter values
database Required. Name of the database in which to load the policy. database_user Required. Name of the database user who can connect to the database. database_user_password Required. The associated password for the database user. input_filename Required. The input policy XML file that specifies what policy data to load into the database. schema_name Optional. The name of target database schema. This name is normally the same as database_user. This parameter is required if there are multiple schemas in the database into which you are loading data.
The schema_name is required for Oracle.
Example
From the WC_INSTALL/bin directory, run:
- ./acpload.sh mall dbuser dbusrpwd defaultAccessControlPolicies.xml
- acpload.cmd mall dbuser dbusrpwd defaultAccessControlPolicies.xml
- acpload defaultAccessControlPolicies.xml
Related concepts
Organization Administration Console
Related reference
Examples: Customizing access control policies using the Organization Administration Console