cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - New to the community? Learn how to post a question and get help from PTC and industry experts! X

Export and Import Of ACL's

ptc-5452031
7-Bedrock

Export and Import Of ACL's

Hello Guys

Does anybody know any tools or method to make Export of ACL??

I very boring have to do it manually, every time...

Thanks in advance...

4 REPLIES 4

Look at this article (PTC/user.org) and see if it helps.

http://portal.ptcuser.org/p/fo/st/topic=16&post=64018#p64018

Here you can find some report (QML) about ACL.

http://communities.ptc.com/docs/DOC-6348

Marco

There are a bunch of reports on the forums that allow you to visualize rules by entry. You can then pull these into Excel and make a very handy pivot table. This is great for better visualization, but it does not address the export and load aspect. In 10.1 there is no way to export site or organization rules. The rules within a particular application container can be exported by exporting the product as template for example then stripping out the rule section.

In addition you can export rules using winDU or ACL Export Utility, but again neither of these address the load issue.

To generate an XML load file for rules exported from any domain you could make a report in the format required by the CSV2XML load utility. However this does not support the loading of dynamic roles. The CSV XML format is not the same as the XML format used within the container templates. Only the container template format supports dynamic roles.

We are currently creating a report and custom parsing tool to generate XML load files in the format that supports dynamic rules. Not finished yet.

Something else to be aware of is the difference in how the qml report displays rules compared to how they are displayed in the policy admin tool. The qml reports have one line per entry. The policy admin utility has neither one line per rule or one line per entry. It is actually a list of entries grouped by rule and principal reference. For the policy admin utility this means:

  • A WTRule can span one or more lines.
  • One line can contain 1 – 3 WTEntries (grant, deny, absolute deny)

The format of the ACL XML used by the container templates, is grouped according to how they are displayed in the UI not in the .qml report of entries.

LoriSood
22-Sapphire III
(To:ptc-5452031)

It's kind of a clunky workaround since we don't have any loaders to export ACLs at present, but if you export the context (product) as a template you can select to export Access Control Rules. You can then use that template to create other contexts with those rules.

Hi Lori

Do you know if PTC plan to make any improvements with regards to export and import of ACLs. These rules underpin the whole system, hence there is a very big hole in the admin tool set.

The Policy Admin tool is only good for making atomic changes. Anybody with a broader interest in ACL is pretty much obliged to create a report and analyse those rules in Excel or similar.

There is no supported way to export org and site rules (in a loadable format), and as you say the application container method is “clunky”.

The fact you can import them is a moot point if you can’t export them. As regards to creating rules externally then loading, the CSV2XML util is not particularly useful especially as it does not support dynamic roles.

We are trying to consolidate application rules at org level. I was told by tech support that I have to delete 66,000 rules one by one using the UI. Thankfully our developer has found a customized solution to that problem otherwise I would have a pretty sore finger by now.

Interested to hear your opinion.

Best Regards

Darren

Announcements


Top Tags