Replacing a security schema

The security schema is a key component of an i2 Analyze deployment, and configuring it correctly is an important part of the development process. Replacing or making destructive changes to the security schema requires you to clear and repopulate the data stores in your deployment.

In a deployment that provides high availability, use the documentation from your database management system to remove the Information Store database from each database server in your deployment instead of the dropDatabases toolkit task.

In a deployment that provides high availability, stop and start each Liberty server in your environment but run deleteSolrCollections and createSolrCollections on one Liberty server only.

  1. Modify or create the security schema that you want to update your deployment with.
    For more information about creating the security schema, see Creating a security schema.
  2. Update the configuration with your security schema.
    1. Ensure that the security schema file is in the configuration\fragments\common\WEB-INF\classes directory.
    2. Ensure that your security schema file is specified in configuration\fragments\common\WEB-INF\classes\ApolloServerSettingsMandatory.properties.
    3. Ensure that the identifiers of the security dimension values that records receive by default are valid in the <DefaultSecurityDimensionValues> element in your security schema.
      For more information, see Setting default dimension values.
The following steps update your deployment with the new security schema.
  1. Stop the deployment:
    setup -t stopLiberty
  2. To remove the database and Solr collections, navigate to the toolkit\scripts directory and run the following command: 
    setup -t dropDatabases --hostname liberty.host-name
setup -t deleteSolrCollections --hostname liberty.host-name
    Here, liberty.hostname is the hostname of the Liberty server where you are running the command. It matches the value for the host-name attribute of the <application> element in the topology.xml file.

    A message is displayed when you run each task to confirm that you want to complete the action. Enter Y to continue. The database and Solr collections are removed from the system.

  3. To re-create the Solr collections and databases, run the following commands:
    setup -t createSolrCollections --hostname liberty.host-name
setup -t createDatabases
  4. Update and redeploy the system:
    setup -t updateSecuritySchema
setup -t deployLiberty
  5. Start Liberty:
    setup -t startLiberty
  6. If you changed the names of the user groups in the security schema, update the basic user registry to match the new names.
    For more information, see Configuring the Liberty user registry.
Add some data to the system, and verify that users see the behavior that you intended. Iterate over the process of modifying and replacing the schema as many times as you need.