Specialized Administration > Ensuring Data Security > Security Labels and Agreements > Using the UpdateSecurityLabels Command Line Utility > Configuration for Running the UpdateSecurityLabels Command Line Utility
  
Configuration for Running the UpdateSecurityLabels Command Line Utility
Before running the UpdateSecurityLabels command line utility, some property configuration decisions are required. The following properties can be set to establish the users who can run the utility, set up how it runs, enhance performance, and so on.
* 
Enabling the Modify Security Labels auditing event greatly increases the run time for the UpdateSecurityLabels command line utility. For more information, see Enable Security Label Events for Auditing.
wt.properties
The following table lists properties found in the wt.properties file:
Property
Description
wt.access.UpdateSecurityLabels.authorizedParticipant
Optional, but recommended to limit access.
Set this property to the UFID of the authorized user in LDAP, user-defined group, or organization in database who is authorized to run the UpdateSecurityLabels command line utility.
By default, this property is set to the site administrators group.
wt.access.UpdateSecurityLabels.chunkSize
Optional
Set this property to indicate the greatest number of objects that are updated in one chunk before starting another chunk. Setting this property can improve performance when dealing with a large number of updates. For example, if you are running the utility against 100,000 objects, you could set the chunk size to be 5000 and 20 chunks would be processed. If a failure occurs in one of the chunks, only that chunk would need to be reprocessed and all other successful chunks can continue.
By default, this property is set to 1000.
wt.access.UpdateSecurityLabels.noChangeValue
Optional
Set this property to indicate the string to use to leave some security label values unchanged, rather than setting them to a specified value.
* 
Set the string to a value that is not a valid security label value for any configured security label. For custom security labels, this includes an empty string. If you set the property to a value that matches any security label value, the value is not changed.
By default, this property is not set.
For more information about setting properties, see Using the xconfmanager Utility.
log4jMethodServer.properties
The following table lists properties to be set in the log4jMethodServer.properties file:
Property
Description
log4j.appender.UpdateSecurityLabelsReport
Required
This property must be set to wt.access.UpdateSLsReportAppender. The property establishes the format for the output file generated by the utility.
log4j.appender.UpdateSecurityLabelsReport.File
Required
After the UpdateSecurityLabels command line utility runs, an output file is generated with a TSV file type. This property determines where the file is saved and what the file is named. The file name can be appended with the Java virtual machine identifier (%jid), the thread identifier (%tid), and the time in milliseconds (%time). PTC recommends appending at least one of these values so that each output file has a unique file name.
log4j.appender.UpdateSecurityLabelsReport.MaximumNumberOfRecords
Optional
Set this property to indicate the greatest number of records that can appear in the output file. When this number is reached, the output file is renamed with a suffix of “_x”, where “x” is the file number, and a new output file is created. For example, if the property is set to 60 and there are 100 records, two files are generated, Report_1 with 60 records and Report with 40.
If this property is not set, it defaults to 20000.
log4j.appender.UpdateSecurityLabelsReport.MaximumFileSizeInBytes
Optional
Set this property to indicate the maximum file size in bytes for the output file. When this number is reached, a new output file is generated with a suffix of “_x”, where “x” is the file number.
If this property is not set, it defaults to 10 MB.
log4j.additivity.wt.access.UpdateSecurityLabelsReport
Optional
Set this property to establish whether information is written to the method server log in addition to the output file.
By default, this property is set to True.
log4j.logger.wt.access.UpdateSecurityLabelsReport
Required
Set this property to determine the level of detail included in the output file. The following values are available:
TRACE: displays the input file location, a summary line, and a status for each object processed
INFO: displays the input file location, a summary line, and any failures or errors that occur for individual objects
ERROR: displays the input file location and any failures or errors that occur for individual objects
To set the properties in the log4jMethodServer.properties file, complete the following steps:
1. Navigate to the following source file: <Windchill>/codebase/WEB-INF/log4jMethodServer.properties
2. Copy the log4jMethodServer.properties file to the following locations:
<Windchill>/wtSafeArea/siteMod/codebase/WEB-INF
and
<Windchill>/wtSafeArea/ptcOrig/codebase/WEB-INF
3. Open the <Windchill>/wtSafeArea/siteMod/codebase/WEB-INF/log4jMethodServer.properties file in a text editor.
4. Add the following lines:
log4j.appender.UpdateSecurityLabelsReport=wt.access.UpdateSLsReportAppender
log4j.logger.wt.access.UpdateSecurityLabelsReport=<output detail>,
UpdateSecurityLabelsReport
log4j.appender.UpdateSecurityLabelsReport.File=<file path>
where
<output detail> is TRACE, INFO, or ERROR, depending on the level of detail desired in the output file
<file path> is the path to the output report file, including the output report file name. Optionally, you can include the following variables in the file name:
%time to indicate the time in milliseconds
%jid to indicate the Java virtual machine identifier
%tid to indicate the thread identifier
5. [Optional] Add one or more of the following lines, as required by your site:
log4j.appender.UpdateSecurityLabelsReport.MaximumNumberOfRecords=<number of records>
log4j.appender.UpdateSecurityLabelsReport.MaximumFileSizeInBytes=<number in bytes>
log4j.additivity.wt.access.UpdateSecurityLabelsReport=<log location>
where:
<number of records> is the total number of records that can appear in the output file
<number in bytes> is the maximum file size in bytes for the output file
<log location> is TRUE or FALSE, depending on if the logs are written to the method server log file
For example, the properties could be set as follows:
log4j.appender.UpdateSecurityLabelsReport=wt.access.UpdateSLsReportAppender
log4j.logger.wt.access.UpdateSecurityLabelsReport=TRACE,UpdateSecurityLabelsReport
log4j.appender.UpdateSecurityLabelsReport.File=${wt.logs.dir}/UpdateSecurityLabels/
Report-%time-%jid-%tid
log4j.appender.UpdateSecurityLabelsReport.MaximumNumberOfRecords=2000
log4j.additivity.wt.access.UpdateSecurityLabelsReport=false
log4j.logger.wt.access.UpdateSecurityLabelsReport=ERROR,UpdateSecurityLabelsReport
Using this example, the output file would be created in the <Windchill>/logs/UpdateSecurityLabels directory and would have a name similar to Report-1389283424223-8344-180.tsv. The file would not exceed 2000 records, and the report information would only be written to the report file and not to the method server logs.
6. Save and close.
7. From within a windchill shell, run the following command to copy your updated files to the installation directory:
ant -f bin/swmaint.xml installSiteChanges
8. Restart your Windchill method server.