Exporting object security rules (exportFGSObjSecRules script)

You can export object security rules for use in another environment. You use the exportFGSObjSecRules script to export the file.

Purpose

The exportFGSObjSecRules script exports object security rules to a JavaScript Object Notation (JSON) file so that the JSON file can be imported on another monitor instance.

You might want to export object security rules when you are moving from a test environment to a production environment.

Note: You must have administrative privileges to use the command-line options for fine-grained security.

Location

The exportFGSObjSecRules script is located in the following directory:

monitor_root\scripts.wbm\FGSecurity\exportFGSObjSecRules.jy

Parameters

The parameters for the exportFGSObjSecRules script are described in the following table:

Parameters	Description	Comments
`export_filename.json`	The fully qualified path of the JSON file to which you are exporting the fine-grained object security rules (for example, c:/fgsRules.json or "/tmp/exportRules.json").
`-model modelID`	The name of the monitoring model for export.	If not specified, the fine-grained object security rules for all models are exported. This parameter is required if `-mc` is specified.
`-objtype objtype`	An optional attribute to indicate the type of object, which can be one of the following types: KPI Metric AlertTemplate Measure Dimension	If no object is specified, all object security types are exported.
`-mc MCID`	The monitoring context for fine-grained object security rules to be exported.	If not specified, the fine-grained object security rules for all monitoring contexts associated with the model are exported.
`-obj obj_ID`	An attribute that specifies the ID of the object, which can be one of the following: Metric ID Measure ID Dimension ID Alert Template ID KPI ID	This attribute can be used if the `-objtype` attribute is specified with an object type of `Metric`, `Measure`, or `Dimension`.
`-userid username`	The user ID associated with the fine-grained object security rules to be exported.	This parameter can be used with `-model` and `-mc`. This parameter cannot be used with `-userdn`, `-groupid`, or `-groupdn`.
`-userdn userdn`	The user distinguished name (DN) associated with the fine-grained object security rules to be exported.	This parameter can be used with `-model` and `-mc`. This parameter cannot be used with `-userid`, `-groupid`, or `-groupdn`.
`-groupid group`	The group ID associated with the fine-grained object security rules to be exported.	This parameter can be used with `-model` and `-mc`. This parameter cannot be used with `-userid`, `-userdn`, or `-groupdn`.
`-groupdn groupdn`	The group distinguished name (DN) associated with the fine-grained object security rules to be exported.	This parameter can be used with `-model` and `-mc`. This parameter cannot be used with `-userid`, `-userdn`, or `-groupid`.
`-conntype type`	Use `SOAP` for the connection type.
`-includegroups`	A flag to indicate whether groups associated with the `userid` or `userdn` should be included in the export.	No value is specified with the `-includegroups` parameter. Use `-includegroups` if you want the groups to be exported.
`-host host_name`	The name of the host where IBM® Business Monitor is installed. This can be `localhost`.
`-port port_number`	The SOAP connector port of WebSphere® Application Server. Using the WebSphere Application Server administrative console, you can find the SOAP_CONNECTOR_ADDRESS by clicking Servers > server1 > Ports.

Windows usage

This section shows how to use the exportFGSObjSecRules script in a stand-alone or network deployment (ND) IBM Business Monitor environment, a Rational® Application Developer development environment, and an IBM Integration Designer environment.

Note: In an ND environment, run the command on the deployment manager.

Note that, even on a Windows system, you must use a forward slash (/) for the path to the file.

For a stand-alone or network deployment (ND) IBM Business Monitor environment:

profile_root\bin> wsadmin -wsadmin_classpath
"..\..\..\plugins\com.ibm.wbimonitor.lifecycle.spi.jar;
..\..\..\plugins\com.ibm.wbimonitor.repository.jar" -lang jython -f
"..\..\..\scripts.wbm\FGSecurity\exportFGSObjSecRules.jy" 
"export_filename.json" -model modelId -objtype type
-mc MCID -obj object -userid username 
-userdn userdn -groupid group -groupdn groupdn 
-includegroups -conntype SOAP -host host_name -port port_number

For a Rational Application Developer development toolkit:

app_dev_root_WTE\runtimes\bi_v7\bin> wsadmin -wsadmin_classpath 
"..\plugins\com.ibm.wbimonitor.lifecycle.spi.jar;
..\plugins\com.ibm.wbimonitor.repository.jar" -lang jython -f 
"..\scripts.wbm\FGSecurity\exportFGSObjSecRules.jy" 
"export_filename.json" -model modelId -objtype type
-mc MCID -obj object -userid username 
-userdn userdn -groupid group -groupdn groupdn 
-includegroups -conntype SOAP -host host_name -port port_number

For IBM Integration Designer development toolkit:

integration_dev_root_WTE\runtimes\bi_v7\bin> wsadmin -wsadmin_classpath 
"..\plugins\com.ibm.wbimonitor.lifecycle.spi.jar;
..\plugins\com.ibm.wbimonitor.repository.jar" -lang jython -f 
"..\scripts.wbm\FGSecurity\exportFGSObjSecRules.jy" 
"export_filename.json" -model modelId -objtype type
-mc MCID -obj object -userid username 
-userdn userdn -groupid group -groupdn groupdn 
-includegroups -conntype SOAP -host host_name -port port_number

An example of using the exportFGSObjSecRules script in a stand-alone environment follows:

exportFGSObjSecRules.jy "c:/fgsRules.json" -model Mymodel 
–objtype Metric -mc testmc 
-obj LoanAmount -userid jsmith 
-includegroups -conntype SOAP -host localhost -port 8880

Linux and UNIX usage

This section shows how to use the exportFGSObjSecRules script in a stand-alone or network deployment (ND) IBM Business Monitor environment. The usage information in this section also applies to using exportFGSObjSecRules on a z/OS platform.

In an ND environment, run the command on the deployment manager.

profile_root/bin> wsadmin -wsadmin_classpath 
"../../../plugins/com.ibm.wbimonitor.lifecycle.spi.jar:
../../../plugins/com.ibm.wbimonitor.repository.jar" -lang jython -f
"../../../scripts.wbm/FGSecurity/exportFGSObjSecRules.jy" 
"export_filename.json" -model modelId -objtype type
-mc MCID -obj object -userid username 
-userdn userdn -groupid group -groupdn groupdn 
-includegroups -conntype SOAP -host host_name -port port_number

Examples of using the exportFGSObjSecRules script in a Linux or Unix environment follow:

Stand-alone environment:

exportFGSObjSecRules.jy "/tmp/exportRules.json" -model Mymodel 
-objtype Metric -mc testmc 
-obj LoanAmount -userid jsmith 
-includegroups -conntype SOAP -host localhost -port 8880

ND environment:

root@wbiaixp517 /usr/IBM/WebSphere/AppServer/profiles/Custom01/bin]#./wsadmin.sh 
-wsadmin_classpath "../../../plugins/com.ibm.wbimonitor.lifecycle.spi.jar:
../../../plugins/com.ibm.wbimonitor.repository.jar" -lang jython -f 
"../../../scripts.wbm/FGSecurity/exportFGSObjSecRules.jy" 
"/tmp/exportRules.json" -model Mymodel -objtype Metric -mc testmc -obj LoanAmount 
-userid jsmith -includegroups -conntype SOAP -host wbiaixp513 -port 8879

Usage examples

If you do not enter user or group information, object security rules information for all users and groups is exported.

For example, to export all metric security rules for the MortgageLending model, enter the following command:

wsadmin -wsadmin_classpath "..\..\..\plugins\com.ibm.wbimonitor.lifecycle.spi.jar;
..\..\..\plugins\com.ibm.wbimonitor.repository.jar" -lang jython -f 
"..\..\..\scripts.wbm\FGSecurity\exportFGSObjSecRules.jy" /tmp/exportFile.json 
–model MortgageLending –objtype Metric

To export all metric security rules for user JaneD, enter the following command:

wsadmin -wsadmin_classpath "..\..\..\plugins\com.ibm.wbimonitor.lifecycle.spi.jar;
..\..\..\plugins\com.ibm.wbimonitor.repository.jar" -lang jython -f 
"..\..\..\scripts.wbm\FGSecurity\exportFGSObjSecRules.jy" /tmp/exportFile.json 
–userid JaneD

To export an object security rule for the LoanAmount object that applies to the PayrollEmployee group, enter the following command:

wsadmin -wsadmin_classpath "..\..\..\plugins\com.ibm.wbimonitor.lifecycle.spi.jar;
..\..\..\plugins\com.ibm.wbimonitor.repository.jar" -lang jython -f 
"..\..\..\scripts.wbm\FGSecurity\exportFGSObjSecRules.jy" /tmp/exportFile.json 
–model MortgageLending –objtype Metric –mc NewLoanApplication 
–obj LoanAmount –groupid PayrollEmployee