Symantec Access Management

 View Only

Using SMPolicyReader to generate xcart selection. 

Dec 14, 2016 02:28 AM


XPSExport does allow you to export sub elements rather than the whole policy, the most useful way is via XPSExplorer where you can add items to an XCart and save that for latter use in XPSExport.   But the selection process via the cmd line driven interface is a bit cumbersome.


We've updated the SMPolicyReader.  Siteminder Policy Reader   so that you can create the xcart selection is a more visual method.   This explains how to use the new feature. 


I) XCart via XPSExplorer 


XCart selection is done via XPSExplorer, it is cmd line driven and a bit cumbersome to use: 



II) Create XCart via SMPolicyReader  

First we need to open a prior XPSExport file, any file will do and often a backup dump files is the most convenient (my next project will be, to cover an method automating an xpsexport via scheduled task, and storing the changes in git change repository, so we can view change history)

Here I am opening up a -xb xpsexport :  


With the XPSExport loaded , we can select root elements, right click and add them to the XCart, items in the xcart are coloured green. 


The same right click can be used to removed objects from the xcart. 


And you can select multiple objects and add them at the same time to the xcart. 


We can then view the contents of the xcart via the "Tools/Open XCart Window" menu option : 


You can remove items from the xcart via the new window.  The window is non-modal so you can continue to add/remove items and the contents of the windows are updated.


You can then save the xcart, via the save button at the bottom of the screen : 


And you can also load an xcart selection from a saved xcart file: (it will find the objects in the tree and highlight them in the green selection colour) 



III) Run XPSExport on XCart 

You can then run the XPSExport command with the XCart selection file for example:  

xpsexport export-cart.xml  -xf XCart_2016-12-14_17-38.txt -pass Password01 -f



IV) Verify out XCart XPSExport  

Then to verify our export we are going to open it in SMPolicyReader to view it.  So we select the export-cart.xml file we just exported : 


Then we can view the objects we exported, which in the case was one domain and several webagents :  

note: we can also see a list of the incomplete ReferenceObjects, that were included in the export (see the WarningReferenceObject screen shot below) : 


Video of xcart in use : 


This is an earlier video, before the feature was complete to demostrate the xcart functionality of the PolicyReader - if you are really keen to see it in action (just in case I don't get time to create a more current one, now the feature is complete :-) :  



Hope you find that a useful addition to the SMPolicyReader tool.   The download of the latest version (this feature was added in Build 360) is available at the bottom of the article here :


Cheers - Mark


Mark O'Donohue
Snr Principal Support Engineer - Global Customer Success

0 Favorited
0 Files

Tags and Keywords


Jan 11, 2017 07:15 PM

To be clear the SMPolicyReader just creates a list of xid's  that can then be used by xpsexport.


If you specify a domain, it will export the domain and all the "child" objects. 


The xpsexport will then export any related objects as ReferenceObjects, not real ones, and it will expect them to be there when you do the import into another environment. 


You can of course, if you know you need it, also add the user store to the xcart and it will then export both the domain, and the user store. 


These is a fair bit of debate on how this transfer process could be made easier - but that is how it currently works. 


Cheers - Mark

Jan 06, 2017 04:34 PM

Can the xcart then be used to import the domain ??    I assume object id problems apply if importing to a different policystore.   Can it be used a domain backup of an existing policystore where we can inmport the domain again if we mess something up ?

Related Entries and Links

No Related Resource entered.