Policy Server Guides › Policy Server Administration Guide › Policy Server Tools › Export Policy Data Using XPSExport

Export Policy Data Using XPSExport

The XPSExport tool supports the following tasks for migrating Policy Store data:

• Export all the data dictionary.
• Export all the security data.
• Export all the policy data.
• Export all the configuration data.
• Export a portion of the policy data.

You can export a subset of policy data by specifying a root object's identifier in the command line or in a file (using the -xf parameter). Only objects that do not have a parent class can be exported. For example, to export a realm object, you specify the identifier (XID) of the realm's parent domain.

You can also create and edit a custom export file using the "shopping cart", or XCart, capability in XPSExplorer (xspexplorer -xf ). You can set the import mode (ADD, OVERLAY, REPLACE, or DEFAULT) on a per object basis in the XCart file. You can then pass the XCart file to XSPExport using the -xf parameter.

Note: XSPExport does not export keys from the key store. You must use smkeyexport for this purpose.

Syntax

The syntax of the XPSExport is following:

XPSExport output_file [-xo object_XID] [-xo-add object_XID] [-xo-replace object_XID]
[-xo-overlay object_XID] [-xf file_name] [-xa] [-xd] [-xs] [-xc] [-passphrase phrase]
[-?] [-vT] [-vI] [-vW] [-vE] [-vF] [-l log_file] [-e err_file] 

Parameters

• output_file

  The output XML file.

• -xo object_XID

  Specifies one or more objects for granular export. You can optionally specify one of the following export types:

  • -xo-add object_XID

    Specifies only additions are done during import.

  • -xo-replace object_XID

    Specifies policy data is overwritten during import.

  • -xo-overlay object_XID

    Specifies policy data is updated during import.

• -xf file_name

  (Optional) Specifies the absolute name of a file that contains the list of XIDs of objects to be exported.

  The entries in the file have the following format:

  CA.SM::UserDirectory@0e-255e2456-556d-40fb-93cd-f2fed81f656e

  ADD = CA.SM::AuthScheme@0d-4afc0e41-ae25-11d1-9cdd-006008aac24b

  REPLACE = CA.SM::Agent@01-cb8b3401-a6aa-4794-964e-c569712269c0

  OVERLAY = CA.SM::Domain@03-7bdf31f2-44d7-4d7b-a8f5-5de2eaa0b634

  These entries correspond to the following command-line parameters:

  -xo CA.SM::UserDirectory@0e-255e2456-556d-40fb-93cd-f2fed81f656e
  -xo-add CA.SM::AuthScheme@0d-4afc0e41-ae25-11d1-9cdd-006008aac24b
  -xo-replace CA.SM::Agent@01-cb8b3401-a6aa-4794-964e-c569712269c0
  -xo-overlay CA.SM::Domain@03-7bdf31f2-44d7-4d7b-a8f5-5de2eaa0b634
  

• -xa

  (Optional) Exports entire policy data.

  Note: This option cannot be used with -xo, -xo-add, -xo-replace, -xo-overlay, or -xf.

• -xd

  (Optional) Exports the entire data dictionary.

• -xs

  (Optional) Exports the entire security data.

• -xc

  (Optional) Exports the entire configuration data.

• -passphrase phrase

  (Optional) Specifies the passphrase required for encryption of sensitive data. This must be at least eight characters long and must contain at least one digit, one uppercase and one lowercase character. The passphrase can contain a space enclosed in quotes. If not specified as a command-line option, the export process prompts for a passphrase when sensitive data is being exported.

• -?

  Displays command-line help.

• -vT

  (Optional) Sets verbosity level to TRACE.

• -vI

  (Optional) Sets verbosity level to INFO.

• -vW

  (Optional) Sets verbosity level to WARNING (default).

• -vE

  (Optional) Sets verbosity level to ERROR.

• -vF

  (Optional) Sets verbosity level to FATAL.

• -l log_file

  (Optional) Outputs log to the specified file.

• -e err_file

  (Optional) Specifies the file to which errors and exceptions are logged. If omitted, stderr is used.

Example

XPSExport PolicyData.xml -xo CA.SM::UserDirectory@0e-255e2456-556d-40fb-93cd-f2fed81f656e
-xo-overlay CA.SM::Domain@03-7bdf31f2-44d7-4d7b-a8f5-5de2eaa0b634 -xd -e C:\tmp\ExceptionLog.txt 

Note: In case of granular export, the export type will either be specified explicitly on the command line or will be retrieved from the data dictionary in case it is not specified on the command line. For dump export, the export type attribute for all objects is Replace (whatever the data dictionary value for the object class is set to) because a load import of the policy data is effectively an overwrite of the entire policy data in the policy store.

During the execution of XPSExport, if any error is encountered during the parsing of the command line options, the export tool aborts and logs the errors encountered in the exception file (or stderr). Also, the export process aborts if the export of any object fails. In such a scenario, appropriate errors are logged to the exception file (or stderr) and the XML output file (if it has been created) is deleted.