Administration GuidePolicies › Restore Access Policies

Previous Topic: Back Up All Access Policies

Next Topic: Custom Roles and Policies

Restore Access Policies

You can restore an access policy that has been deleted or changed in a way that causes problems. If an access policy is accidentally deleted or corrupted, users referenced as Identities in that policy cannot access CA Enterprise Log Manager until that policy is redefined or restored.

Restoring access policies requires running the safex utility for policies.

Use one of the two following procedures, depending on whether your export created a backup file with the xml.gz extension or the tar.gz extension.

To restore access policies from a backup named filename.xml.gz

  1. Copy your saved backup files to following directory of the management CA Enterprise Log Manager, typically the first server installed. 
     /opt/CA/LogManager/EEM
  2. Run the following command to retrieve the XML file: 
    gunzip filename.xml.gz

    This creates filename.xml.

  3. (Optional) If you want to restore only one of the policies in the group that you backed up, do the following:
    1. Open the XML file.
    2. For the policies you do not want to restore, delete the XML lines beginning and ending with the following tags:
      <Policy folder="/ name=policyname> and </Policy>
    3. Save the file.
  4. Execute the following command, where eemserverhostname refers to the host name of the management CA Enterprise Log Manager. 
    ./safex -h eemserverhostname -u EiamAdmin -p password -f filename.xml

    When the CA Enterprise Log Manager server is in FIPS mode, be sure to include the -fips option.

    The policy or policies defined in filename.xml being restored are added to the appropriate policy type and put into effect.

To restore access policies from a backup named filename.tar.gz

  1. Copy your saved backup files to following directory of the management CA Enterprise Log Manager, typically the first server installed. 
     /opt/CA/LogManager/EEM
  2. Run the following command to retrieve the XML file. 
    gunzip filename.tar.gz

    This creates filename.tar.

  3. Run the following command: 
    tar -xvf filename.tar

    This creates filename.xml.

  4. (Optional) If you want to restore only one of the policies in the group that you backed up, do the following:
    1. Open the XML file.
    2. For the policies you do not want to restore, delete the XML lines beginning and ending with the following tags:
      <Policy folder="/ name=policyname> and </Policy>
    3. Save the file.
  5. Execute the following command, where eemserverhostname refers to the host name of the management CA Enterprise Log Manager. 
    ./safex -h eemserverhostname -u EiamAdmin -p password -f filename.xml

To recreate the CALM Access Policy if you have no backup

If you have no backup, you can recreate the CALM Application Access policy.

  1. Recreate the CALM Application Access policy. See "Predefined Policies."
  2. Define the filters as shown in the following illustration. The partial paths are:

    The presence of this policy enables any Administrator to log in and create the other policies.

More information:

Back Up All Access Policies