acpload utility

The acpload utility loads the XML files that contain the main access control policies into the appropriate databases.

The acpload utility does not unload access control policies. To delete or remove components of a policy, administrators can use the Organization Administration Console to perform these tasks.

Syntax diagram of the acpload utility. See the list entitled Parameter values for the applicable parameters.
Notes:
  • Apache DerbyWebSphere Commerce Developer The acpload utility requires only the input_filename parameter.
  • Apache DerbyWebSphere Commerce Developer Stop the test server before you run the utility.
  • If you create customized XML files, you must copy them into the WC_installdir/xml/policies/xml directory to have them loaded into the databases. Validate the XML files against the corresponding DTD changes.
  • There is a setting in the loading scripts that specifies the following parameter setting when the utility resolves IDs and loads the data to the database: "-maxerror 100000". This setting means that if there up to 100000 foreign key violations when the utility loads the data, the violations are ignored, instead of stopping the operation. This value can be increased or decreased as needed. For example, if you want to stop after one such error, change the value to 1.
  • To load the access groups and access control policies, you need to run the following related utilities in this sequence:
    1. acugload (loads the user access group definitions)
    2. acpload (loads the main access control policy)
    3. acpnlsload (loads the display names and descriptions)
  • For IBM i OS operating system If you create customized XML files, you must use the full path to the DTD in your file. The access control policies DTDs are in the WC_installdir/xml/policies/dtd directory.
  • To run the utility, you must log in by using the non-root WebSphere Commerce user ID.

    SolarisLinuxAIX The user ID must have the following permissions:

    • Read/write/execute authority to the directories, subdirectories, and files of WC_installdir/xml/policies and WC_installdir/logs.
    • Read/execute authority to the WC_installdir/bin directory and its files.

      If the user does not have the required authority, you need to grant this authority by using the chmod command.

    For IBM i OS operating system You must log in with a profile that has the following permissions:

    • Read/write/execute authority to files under WC_installdir/xml/policies, WC_userdir /instances, and WC_userdir /instances/ instance_name/logs.
    • Read/execute authority to the WC_installdir/bin directory and its files.

      For example, define the profile with USRCLS *SECOFR.

  • Check for errors in the log files. Errors might not appear on the command line.
    • SolarisLinuxAIXWindows Check the acpload.log and messages.txt files in the following directory: WC_installdir/logs
    • For IBM i OS operating system
      • WC_userdir/instances/acpload.log
      • WC_userdir/instances/instance_name/logs/messages.txt
    • Any error files that are generated in WC_installdir/xml/policies/xml directory.
  • Update the registries: Access Control Policies and Access Control Policy Groups.
  • The acpload utility is a wrapper for the xmltransform, idresgen, and massload utilities. When you run the acpload utility, the utility uses the other utilities to load access control policy data. If you encounter problems when you run the acpload utility, refer to your idresgen and massload log files for details.

Parameter values

database
Required: Name of the database in which to load the policy.
DB2Note: For DB2 UDB databases, the DB2 Type 4 JDBC driver is used, where the Type 4 database name is prefixed with the database server and port. For example, db_server:db_port/db_name.
database_user
Required: Name of the database user who can connect to the database.
database_user_password
Required: The associated password for the database user.
input_filename
Required: The input policy XML file that specifies what policy data to load into the database.
schema_name
Optional: The name of target database schema. This name is normally the same as database_user.

This parameter is required if there are multiple schemas in the database into which you are loading data, for example if the database is workspace-enabled.

OracleThe schema_name is required for Oracle.

DB2If you omit schema_name when multiple schemas exist, you can get the following error in DB2:
Invalid parameter: Unknown column name null

Example

From the WC_installdir/bin directory, run:
  • For IBM i OS operating systemSolarisLinuxAIX ./acpload.sh mall dbuser dbusrpwd defaultAccessControlPolicies.xml
  • Windows acpload.cmd mall dbuser dbusrpwd defaultAccessControlPolicies.xml
  • Apache Derbyacpload defaultAccessControlPolicies.xml