Policy Managers Guide
This section provides instructions and information on how to export policy data from the database. Before you begin, you should understand the basic concepts of the BEA WebLogic Enterprise Security policy model as described in the Introduction to BEA WebLogic Enterprise Security. You should also know how to edit text files containing program parameters and environment variables for the operating system you are using.
This section covers the following topics:
Policy exporting allows you to output data from the policy database to text files called policy files. These policy files can be imported back to the same or another policy database using the Policy Import tool, as described in Importing Policy Data. This tool allows you to transfer your policy data easily to a production environment.
To perform policy exporting, you need access to the policy database. In general, you can access the policy database when you are the policy owner or the database administrator.
The policy exporter does not export user-related and group-related data, such as user lists, group lists, user-to-group membership, and user and group attribute values (for example, data stored in an external repository). However, the policy exporter can output any rules written on users and groups. Therefore, when you import the exported policy into another instance of the policy database using the Policy Import tool, be sure that the users and groups directly referenced in that policy exist in that policy database before the import takes place. An import rule checks for the existence of users and groups.
The exported policy files that you can import by using the Policy Import tool include: dir, decl, schema, object, engine, binding, role, priv, privgrp, privbinding, rule, objattr, piquery, pvquery. All the files are created even though some files may not contain any records. There are two other files exported, object_config and objattr_config, that in general are not imported using the Policy Import tool. They contain the data for resource configuration.
Before you begin, perform the following tasks:
Ensure that the directory is not write-protected. The free space that the export requires depends on the size of your existing policy. If your export fails because of insufficient disk space, add more space before attempting the export again. In addition, ensure that the full directory path contains no white space.
Depending on the database system, you need to have either the Oracle or Sybase client installed and configured to connect to the policy database. Make sure all the environment settings are correct as discussed in Database Setup in the Administration Application Installation Guide.
Make sure you can access the policy database using the isql (Sybase) or sqlplus (Oracle) command. You must be the policy owner or database administrator to run the export tool. When exporting, you are asked to provide the policy owner, your database login ID, and your password.
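The directory and client checks above can be scripted before the export is started. This is an added example, not part of the Administration Application; the function names, the script name, and the sample directory are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the product: pre-flight checks for the tasks above.

# check_export_dir DIR -> 0 if DIR is usable as the export directory.
check_export_dir() {
    dir=$1
    # The full directory path must contain no white space.
    case $dir in
        *[[:space:]]*) echo "path contains white space: '$dir'" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # The directory must not be write-protected.
    [ -w "$dir" ] || { echo "write-protected: $dir" >&2; return 1; }
    return 0
}

# free_kb DIR -> available space in KB on the file system holding DIR.
# The space an export needs depends on the size of the existing policy.
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# check_db_client NAME -> 0 if the client command (isql or sqlplus) is on PATH.
check_db_client() {
    command -v "$1" >/dev/null 2>&1 || { echo "$1 not found in PATH" >&2; return 1; }
}

# Usage: sh preflight.sh /opt/policy_export sqlplus   (both values are examples)
if [ $# -eq 2 ]; then
    check_export_dir "$1" && check_db_client "$2" &&
        echo "ok: $(free_kb "$1") KB free in $1"
fi
```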
This procedure exports your policy from the database into formatted text files. You perform this export using the export tool included as part of the Administration Application.
Running the export tool on Sun Solaris requires the use of a shell script. If you do not normally use this shell or have difficulty running the tool, check with your Unix system administrator to determine if it is available in your environment. For Linux, you can run this script from a Bourne shell.
Before you begin, make sure you have the information listed in Table 6-1.
To export the policy data on a Unix platform, perform the following steps:
PATH environment variable. Also, ensure that the Oracle or Sybase client is set up as described in Database Setup in the Administration Application Installation Guide.
The policy owner is the owner of the policy database (for example, the database schema owner). Do not confuse the database owner (dbo) with the policy owner in Sybase.
When exporting the policy, the configuration resources are saved to the following files: object_config and objattr_config. The Policy Import tool does not import these two files by default. If you want to import the configuration resources, you need to create a directory, and copy object_config, objattr_config, and binding into that directory. Rename object_config to object and objattr_config to objattr. Then you can configure the Policy Import tool to import the files in this new directory.
This procedure exports your policy from the database into formatted text files. You perform this export using the export tool included as part of the Administration Application.
Before you begin, make sure you have the information listed in Table 6-1:
To export the policy data on a Windows platform, perform the following steps:
PATH. Also, ensure that the Sybase or Oracle client environment is set up as discussed in Database Setup in the Administration Application Installation Guide.
For Oracle, type the following command, and then press <Enter>:
export_policy_oracle.bat server policyowner login password directory
For Sybase, type the following command, and then press <Enter>:
export_policy_sybase.bat server database policyowner login password directory
where server, database, policyowner, login, and directory are as defined in Table 6-1.
When exporting the policy, the configuration resources are saved to the following files: object_config and objattr_config. The Policy Import tool does not import these two files by default. If you want to import the configuration resources, you need to create a directory, and copy object_config, objattr_config, and binding into that directory. Rename object_config to object and objattr_config to objattr. Then you can configure the Policy Import tool to import the files in this new directory.
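The copy-and-rename step described here, and in the same paragraph of the Unix procedure, can be scripted from a Unix shell. This is an added example, not part of the product: the file names are the ones listed in this guide, while the function names and directory arguments are hypothetical. It refuses to reuse an existing directory, because the export directory already holds policy files named object and objattr that a rename in place would overwrite.

```sh
#!/bin/sh
# Added example, not part of the product. File names come from this guide;
# function names and directory arguments are illustrative.

# Files the export always creates, even when they contain no records.
POLICY_FILES="dir decl schema object engine binding role priv privgrp privbinding rule objattr piquery pvquery"
CONFIG_FILES="object_config objattr_config"

# missing_export_files EXPORT_DIR -> prints each expected file that is absent.
missing_export_files() {
    for f in $POLICY_FILES $CONFIG_FILES; do
        [ -f "$1/$f" ] || echo "$f"
    done
}

# stage_config_import EXPORT_DIR STAGE_DIR
# Copies the configuration resources into a new directory under the names the
# Policy Import tool reads. Fails if the export is incomplete or STAGE_DIR exists.
stage_config_import() {
    src=$1; dst=$2
    missing=$(missing_export_files "$src")
    if [ -n "$missing" ]; then
        echo "incomplete export, missing:" $missing >&2
        return 1
    fi
    # Require a new directory so the policy 'object' and 'objattr' files
    # in the export directory are never overwritten by the renamed copies.
    mkdir "$dst" || return 1
    cp "$src/object_config"  "$dst/object"  &&
    cp "$src/objattr_config" "$dst/objattr" &&
    cp "$src/binding"        "$dst/binding"
}

# Usage: sh stage_config.sh EXPORT_DIR STAGE_DIR
if [ $# -eq 2 ]; then
    stage_config_import "$1" "$2"
fi
```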
Now you can import the exported policy into the policy database using the Policy Import tool. The exported policy files are in the format required by the Policy Import tool; however, you need to configure the tool to point to the exported file directory. You also need to create a policy distribution file, distribution, if you want the policy to be automatically distributed after the import completes. For additional information, see Importing Policy Data.