Import Data Classification Policies

Data classification policies are exported with their rules, policy objects, categories, file properties, and rule criteria. The tool creates a file with a summary of what was imported and what was not imported. The tool also creates a log file, which File Access Manager technical support team can use as a reference for troubleshooting.

As noted inTransferring Data Classification Policies Between Systems, you must have administrative rights and use the file working directory.

To import data classification policies, perform the following steps:

Note: The only way to run an import or export on the tools is by the command line.

  1. Run the tool with the following selected options:

    1. CD %SAILPOINT_HOME%\FileAccessManager\Server Installer\Tools\PolicyImporter

    2. -I, --input (Input file location)

    3. The exported output file path

      The file location can be either absolute (c:\program files\Sailpoint\outputs) or relative (..\..\outputs).

    1. -R, --override (Default: false)

      The system recognizes a policy by its unique ID, not by its policy name. Override refers to overriding existing data classification policies and policy rules.

    1. -C, --activate (Default: false)

      Activate refers to activation of all policies immediately after migration.

      Note: The option to activate supersedes the policy and policy rule association on the exported server - if the option to activate is specified will all be activated, otherwise will all be deactivated.

    1. -O, --output (Default: output_stats.txt)

The output summary file is in the selected location.

The file location can be absolute location (c:\program files\Sailpoint\outputs) or relative (..\..\outputs).

Examples:

--output ..\..\imported.log

-O c:\temp\stats.txt

-T, --test (Default: false)

Any changes made during this simulation of the importation of policies and policy rules are rolled back afterward, so you can see what has been changed without altering any policies or policy rules.

  1. -M, --multi-output (Default: false)

  2. The output summary is written in one or more files, with a time stamp appended to the file name.

Example: output_stats.180507091022.txt

Note: When this option is not used, append the content of the result to the same file, along with the time stamp.

  1. U, --user (Required).

  2. This is the name of the user to whom data classification policies are exported, and should include both the user name and the domain name (if there is one).

  3. -P, --password

After inserting all parameters and executing the command, the tool will indicate either a success or fail message (displayed in the command line). It will also create a log file which the File Access Manager Technical Support Team can use as a reference for troubleshooting.

  1. If the user needs more information about the File Access Manager version, complete the following in the command line.

    1. --help

    2. The Help screen displays.

    3. –version
      The version information displays.

Note: File Access Manager cannot import a Data Classification policy if the policy name exists. In this case, the following error message will display. Rename the existing policy and rerun the import procedure.

Note: File Access Manager cannot import a Data Classification rule if the rule name exists. In this case, the following error message will display. Rename the existing rule and rerun the import procedure.