Skip navigation.

eDocs Home > BEA WebLogic Enterprise Security 4.2 Documentation > Policy Managers Guide > Exporting Policy Data

Policy Managers Guide

  Previous Next vertical dots separating previous/next from contents/index/pdf Contents Index View as PDF   Get Adobe Reader

Exporting Policy Data

This section provides instructions and information on how to export policy data from the database. Before you begin, you should understand the basic concepts of the BEA WebLogic Enterprise Security policy model as described in the Introduction to BEA WebLogic Enterprise Security. You should also know how to edit text files containing program parameters and environment variables for the operating system you are using.

This section covers the following topics:

 

Policy Exporter Tool

Policy exporting allows you to output data from the policy database to text files called policy files. These policy files can be imported back to the same or another policy database using the Policy Import tool, as described in Importing Policy Data. This tool allows you to transfer your policy data easily to a production environment.

To perform policy exporting, you need access to the policy database. In general, you can access the policy database when you are the policy owner or the database administrator.

The policy exporter does not export user-related and group-related data, such as user lists, group lists, user to group membership, and user and group attribute values (for example, data stored in an external repository). However, the policy exporter can output any rules written on users and groups. Therefore, when you are importing the exported policy into another instance of policy database using the Policy Import tool, be sure that the users and groups directly referenced in that policy exist in that policy database before the import takes place. An import rule checks for the existence of users and groups.

The policy files exported that you can import by using the Policy Import tool include: dir, decl, schema, object, engine, binding, role, priv, privgrp, privbinding, rule, objattr, piquery, pvquery. All the files are created even though some files may not contain any records. There are two other files exported: object_config, and objattr_config, that in general are not imported using Policy Import tool. They contain the data for resource configuration.

 

Before You Begin

Before you begin, perform the following tasks:

  1. Locate or create a target directory in which to store the policy files.

    2. Ensure that the directory is not write-protected. The free space that the export requires depends on the size of your existing policy. If your export fails because of insufficient disk space, add more space before attempting the export again. In addition, ensure that the full directory path contains no white space.

  2. Ensure that the database client is installed and configured, and that you have access to the database.

    3. Depending on the database system, you need to have either the Oracle or Sybase client installed and configured to connect to the policy database. Make sure all the environment settings are correct as discussed in Database Setup in the Administration Application Installation Guide.

    Make sure you can access the policy database using the isql (Sybase) or sqlplus (Oracle) command. You must be the policy owner or database administrator to run the export tool. When exporting, you are asked to provide the information for policy owner, your database login id and password.

  3. Ensure that you run the tools from bin subdirectory for the product installation.

    4. You need to run the exporting scripts in this directory because the scripts need to locate the some files relative to this directory.

    On a Microsoft Windows platform, you can open a DOS command prompt window and change to this directory.

 

Exporting Policy Data on Unix Platforms

This procedure exports your policy from the database into formatted text files. You perform this export using the export tool included as part of the Administration Application.

Running the export tool on Sun Solaris requires the use of a shell script. If you do not normally use this shell or have difficulty running the tool, check with your Unix system administrator to determine if it is available in your environment. For Linux, you can run this script from a Borne shell.

Before you begin, make sure you have the information listed in Table 6-1.

Table 6-1 Information Require to Export Policy Data

Information

Description

server

Name of your database server (Sybase) or the service name of the database server instance (Oracle).

database

Name of your database (Sybase only).

policyowner

Name of the owner of the policy database. Do not confused this with the database owner for Sybase.

login

The Sybase or Oracle ID.

password

Password used to access your Sybase or Oracle database.

directory

The target directory for the exported policy files, including the full path. This directory cannot contain white space.


 

To export the policy data on a Unix platform, perform the following steps:

  1. Open a command window and change to BEA_HOME/wles42-admin/bin directory.
  2. Ensure that all the *_oracle.sh (for Oracle) or *_sybase.sh files (for Sybase) have execution permission and that the current path (.) is included in the PATH environment variable. Also, ensure that the Oracle or Sybase client is set up as described in Database Setup in the Administration Application Installation Guide.
  3. From the command line, enter the following command:

    4. For Oracle: export_policy_oracle.sh<Enter>

    For Sybase: export_policy_sybase.sh<Enter>

  4. When the script prompts you to continue, type Y, and then press <Enter>.
  5. When the script prompts you for the directory in which to save the policy files, type the full path directory name, and then press <Enter>.
  6. When the script prompts you for your database server, type the name of your database server (Service Name in Oracle), and then press <Enter>.
  7. With Sybase, the script may prompt you for your database name, type the name of your database, and then press <Enter>.
  8. When the script prompts you for the policyowner, type the name of the database user who owns the policy schema, and then press <Enter>.

    9. The policy owner is the owner of the policy database, (for example, the database schema owner). Do not confuse the database owner (dbo) with the policy owner in Sybase.

  9. When the script prompts you for your Oracle or Sybase login ID, type your database username, and then press <Enter>.
  10. When the script prompts you for your login password, type your database password, and then press <Enter>.

    11. When the script completes, a successful message appears.

When exporting the policy, the configuration resources are saved to the following files: object_config and objattr_config. The Policy Import tool does not import these two files by default. If you want to import the configuration resources, you need to create a directory, and copy object_config, objattr_config, and binding into that directory. Rename object_config to object and objattr_config to objattr. Then you can configure the Policy Import tool to import these to file in this new directory.

 

Exporting Policy Data on Windows Platforms

This procedure exports your policy from the database into formatted text files. You perform this export using the export tool included as part of the Administration Application.

Before you begin, make sure you have the information listed in Table 6-1:

To export the policy data on a Windows platform, perform the following steps:

  1. Open a command window and change to WLES_HOME/bin directory.
  2. Ensure that the current path (.) is included your PATH. Also, ensure that the Sybase or Oracle client environment is set up as discussed in Database Setup in the Administration Application Installation Guide.
  3. At the command prompt, do one of the following:

    4. For Oracle, type the following command, and then press <Enter>:

    export_policy_oracle.bat server policyowner login password directory

    For Sybase, type the following command, and then press <Enter>:

    export_policy_sybase.bat server database policyowner login password directory

    where server, database, policyowner, login, and directory are as defined in Table 6-1.

When exporting the policy, the configuration resources are saved to the following files: object_config and objattr_config. The Policy Import tool does not import these two files by default. If you want to import the configuration resources, you need to create a directory, and copy object_config, objattr_config, and binding into that directory. Rename object_config to object and objattr_config to objattr. Then you can configure the Policy Import tool to import these to file in this new directory.

 

What's Next

Now, you can import the exported policy into policy database using the Policy Import tool. The exported policy files are in the format required by the Policy Import tool; however, you need to configure the tool to point to the exported file directory. You also need to create a policy distribution file distribution if you want the policy to be automatically distributed after the import completes. For additional information, see Importing Policy Data.

 

Back to Top Previous Next