Setting Partition Policies Manually

The Partition Security Officer can change available policies to customize partition functionality. Policy settings apply to all roles/objects on the partition. Refer to Partition Capabilities and Policies for a complete list of partition policies and their effects.

In most cases, partition policies are either enabled (1) or disabled (0), but some allow a range of values.

To change multiple policy settings during partition initialization, see Setting Partition Policies Using a Template.

See also Configuring the Partition for Cloning or Export of Private/Secret Keys.

Prerequisites

- The partition must be initialized (see Initializing an Application Partition).

- If you are changing a destructive policy, back up any important cryptographic objects (see Partition Backup and Restore).

NOTE: If you are running more than one LunaCM session against the same partition and change a partition policy in one LunaCM session, the new policy setting is visible in that session only (although it is in effect). You must exit and restart the other LunaCM sessions to display the new policy setting.

To manually set or change a partition policy

1. Launch LunaCM and set the active slot to the partition.

lunacm:> slot set -slot <slotnum>

2. [Optional] Display the existing partition policy settings.

lunacm:> partition showpolicies

3. Log in as Partition SO (see Logging In to the Application Partition).

lunacm:> role login -name po

4. Change the policy setting by specifying the policy number and the desired value (0, 1, or a number in the accepted range for that policy). You can specify multiple policy changes in the same command by using comma-separated lists (for example, -policy 33,37,40 -value 0,1,1).

lunacm:> partition changepolicy -policy <policy_ID> -value <value>

If you are changing a destructive policy, you are prompted to enter "proceed" to continue the operation.
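The comma-separated form in step 4 pairs policies and values by position, so a change request is easier to review as explicit policy=value pairs. The following is an added example, not Thales code: build_changepolicy is a hypothetical helper that checks each pair and prints the command line to enter at the lunacm:> prompt. It assumes values are non-negative integers and does not check that a policy exists or that the value is within its accepted range.

```shell
#!/bin/sh
# Added example (not part of the product). build_changepolicy is a
# hypothetical name. Input: policy=value pairs such as 33=0 37=1 40=1.
# Output: the "partition changepolicy" line for the lunacm:> prompt.
# Returns non-zero, printing nothing to stdout, if any pair is malformed
# or a policy ID appears twice.
build_changepolicy() {
    ids="" vals="" seen=" "
    [ "$#" -gt 0 ] || { echo "no policy=value pairs given" >&2; return 2; }
    for pair in "$@"; do
        case "$pair" in
            # more than one "=", empty side, or any non-digit character
            *=*=*|=*|*=|*[!0-9=]*) echo "bad pair: $pair" >&2; return 2 ;;
            *=*) ;;
            *) echo "bad pair: $pair" >&2; return 2 ;;
        esac
        id=${pair%%=*}
        val=${pair#*=}
        # Reject a policy listed twice: the two values would conflict.
        case "$seen" in
            *" $id "*) echo "policy $id listed twice" >&2; return 2 ;;
        esac
        seen="$seen$id "
        # Append to both lists together so positions always line up.
        ids="${ids:+$ids,}$id"
        vals="${vals:+$vals,}$val"
    done
    printf 'partition changepolicy -policy %s -value %s\n' "$ids" "$vals"
}

# The page's own example values:
build_changepolicy 33=0 37=1 40=1
```

Record the printed line in the change ticket alongside the partition showpolicies output taken before and after the change.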