Change policies on the partition. This command toggles or alters a policy of the specified partition. Only certain portions of the policy set are HSM Admin-modifiable. These policies and their current values can be determined using the partition showpolicies command. After a successful policy change, the command displays the new policy value.
NOTE This command requires Luna Network HSM Appliance Software 7.8.1 or newer. It cannot be used on STC partitions; the Partition SO must use LunaCM at the client for partition management.
This command must be executed by the appliance admin, logged in as Partition SO.
This command can set a policy on or off, or set it to a certain value if it is a numerical policy. Policies can be set only to more restrictive values than the associated capability. You cannot relax a policy to a less-restrictive setting than the associated capability value. Refer to Partition Capabilities and Policies, for a list of all partition capabilities/policies and their meanings.
Users with the following privileges can perform this command:
partition changepolicy -partition <name> -policy <policy#> -value <value> -psopin <PSO_password> [-force]
|-partition <name>||-pa||Specifies the name of the partition on which to alter policies. Partition names are obtained with the partition list command.|
|-policy <policy#>||-po||Specifies the policy code of the policy to alter. Policy descriptions and codes are obtained with the partition showpolicies command.|
|-psopin <PSO_password>||-ps||Specifies the Partition Security Officer password for the partition. If this option is not included, LunaSH will prompt you to enter the PO password.|
|-value <value>||-v||Specifies the value that should be assigned to the specified policy. When specifying values for an on/off type policy, use '1' for on and '0' for off.|
|-force||-f||Force the option. Useful for scripting.|
lunash:>partition changepolicy -partition myPartition -policy 22 -value 1 Luna PED operation required to login as Partition Security Officer - use Partition Security Officer (blue) PED key. 'partition changePolicy' successful. Policy "Allow activation" is now set to: On Command Result : 0 (Success)