We're running a Policy Server and we'd like to know the possible

method to remove an Agent from an AgentGroup without having to use the

AdminUI. We would like to use XPSExplorer to manage the Policy Store

data. Is that possible ?

Release: 12.52SP1

Component:

The use of XPSExplorer is not a good option for you as the intent here

is to modify and manage the Policy Store objects. As per

documentation, this tool as limited scope and risky :

  XPSExplorer

    XPSExplorer is an interactive command-line utility that allows an

    administrator or application developer to view the data in a policy

    store. XPSExplorer has two uses:

    To determine the identifiers of objects for a granular export or

    import by exploring a list of domains or realms.

    To repair the object store in the event that the store is damaged and

    must be repaired manually.

    Important! Only use XPSExplorer to repair or otherwise modify the

    policy store if instructed to do so by CA Support. Unsupervised use

    can corrupt the policy store.

- Document reference:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/administrating/policy-server-tools/xpsexplorer.html

As such, we strongly recommend you to use C++, Java, or Perl to bypass

the AdminUI to manange the Policy Store objects.

o manage Policy Store data, you can run custom

script written in perl, Java or c++.

C++

The C-Language APIs

Policy Management API—use to develop a custom Administrative UI

application, or to customize selected components of policy objects

such as rules, policies, and responses within the application. Users

of this API will be able to perform most of the data manipulations

that users of the native Administrative UI can perform.

- Document reference:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/programming/sdks/programming-in-c.html

Java

Programming in Java

Policy Management API—use to develop a custom Administrative UI

application, or to customize selected components of policy objects

such as rules, policies, and responses within the application. Users

of this API will be able to perform most of the data manipulations

that users of the native Administrative UI can perform.


- Document reference:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/programming/sdks/programming-in-java.html

Perl

Policy Management Operations in CLI

Create Agent Objects

View and Modify Object Properties

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/programming/scripting-interface/policy-management-api-in-cli/policy-management-operations-in-cli.html#PolicyManagementOperationsinCLI-CreateAgentObjects

and

Removing an Agent from Policy Store using Perl CLI, the reference to

this agent doesn't get removed from the AgentGroup and AdminUI

report Error: Could not find specified subject.

https://comm.support.ca.com/kb/removing-an-agent-from-policy-store-using-perl-cli-the-reference-to-this-agent-doesnt-get-removed-from-the-agentgroup-and-adminui-report-error-could-not-find-specified-subject/kb000008126