Configuration for Running the UpdateSecurityLabels Command Line Utility
Before running the UpdateSecurityLabels command line utility, some property configuration decisions are required. The following properties can be set to establish the users who can run the utility, set up how it runs, enhance performance, and so on.
 |
Enabling the Modify Security Labels auditing event greatly increases the run time for the UpdateSecurityLabels command line utility. For more information, see Enable Security Label Events for Auditing.
|
wt.properties
The following table lists properties found in the wt.properties file:
|
Property
|
Description
|
||
|---|---|---|---|
|
wt.access.UpdateSecurityLabels.authorizedParticipant
|
Optional, but recommended to limit access.
Set this property to the UFID of the authorized user in LDAP, user-defined group, or organization in database who is authorized to run the UpdateSecurityLabelscommand line utility.
By default, this property is set to the site administrators group.
|
||
|
wt.access.UpdateSecurityLabels.chunkSize
|
Optional.
Set this property to indicate the greatest number of objects that are updated in one chunk before starting another chunk. Setting this property can improve performance when dealing with a large number of updates. For example, if you are running the utility against 100,000 objects, you could set the chunk size to be 5000 and 20 chunks would be processed. If a failure occurs in one of the chunks, only that chunk would need to be reprocessed and all other successful chunks can continue.
By default, this property is set to 1000.
|
||
|
wt.access.UpdateSecurityLabels.noChangeValue
|
Optional.
Set this property to indicate the string to use to leave some security label values unchanged, rather than setting them to a specified value.
By default, this property is not set.
|
||
|
wt.access.UpdateSecurityLabelsReport.file
|
Required.
Set this property to specify the name and location of the output file when the UpdateSecurityLabels command line utility is executed. The output file is a tab-separated value (TSV) file. Append the file name with the Java virtual machine identifier (%jid), or thread identifier (%tid), or the time in milliseconds (%time), or all three values, to ensure that each output file has a unique file name.
By default, the property is set to generate output file in the Windchill log directory. The default value is wt.access.UpdateSecurityLabelsReport.file=$(wt.logs.dir)$(dir.sep)CLT_Report-%time-%jid-%tid.tsv
|
||
|
wt.access.UpdateSecurityLabelsReport.maximumFileSize
|
Optional.
Set this property to verify the maximum file size (in bytes) of the output file. Specify the property value in a string format, for example, 10MB, 15KB, 1GB.
By default, the property is set to 10MB. When the file size exceeds threshold value, a new output file is generated with a suffix ‘_x’ in the filename, where ‘x’ is the file number.
|
||
|
wt.access.UpdateSecurityLabelsReport.maxNoOfFiles
|
Optional.
Set this property to specify the maximum number of output files to retain during rollover. When the number of the generated output file reaches the specified limit, a new output file is generated with a suffix ‘_x’ in the filename, where ‘x’ is the file number.
By default, this property is set to 10 files.
|
For more information about setting properties, see Using the xconfmanager Utility.
log4jMethodServer.properties
The following table lists properties are available out-of-the-box in the log4jMethodServer.properties file:
|
Property
|
Description
|
|---|---|
|
logger.UpdateSecurityLabelsReport.additivity
|
Optional.
Set this property to establish whether information is written to the method server log in addition to the output file.
By default, this property is set to True.
|
|
logger.UpdateSecurityLabelsReport.level
|
Required.
Set this property to determine the level of detail included in the output file. The following values are available:
• trace: displays the input file location, a summary line, and a status for each object processed.
• info: displays the input file location, a summary line, and any failures or errors that occur for individual objects.
• error: displays the input file location and any failures or errors that occur for individual objects.
By default, this property is set to info.
|
To set the properties in the log4jMethodServer.properties file, complete the following steps:
1. Navigate to the following source file: <Windchill>/codebase/WEB-INF/log4jMethodServer.properties
2. Copy the log4jMethodServer.properties file to the following locations:
<Windchill>/wtSafeArea/siteMod/codebase/WEB-INF
and
<Windchill>/wtSafeArea/ptcOrig/codebase/WEB-INF
3. Open the <Windchill>/wtSafeArea/siteMod/codebase/WEB-INF/log4jMethodServer.properties file in a text editor.
4. In log4jMethodServer.properties file, the logger configuration for UpdateSecurityLabels is defined by default in the command line utility as follows:
logger.UpdateSecurityLabelsReport.name = wt.access.UpdateSecurityLabelsReport
logger.UpdateSecurityLabelsReport.level = info
logger.UpdateSecurityLabelsReport.additivity = true
logger.UpdateSecurityLabelsReport.level = info
logger.UpdateSecurityLabelsReport.additivity = true
5. [Optional] Set the level as desired and control the additivity as described in the above table:
logger.UpdateSecurityLabelsReport.level = trace
logger.UpdateSecurityLabelsReport.additivity = false
logger.UpdateSecurityLabelsReport.additivity = false
6. Save and close.
7. From within a windchill shell, run the following command to copy your updated files to the installation directory:
ant -f bin/swmaint.xml installSiteChanges
8. Restart your Windchill method server.