How to: Migrate Authorizations
During the implementation of Authorization Management more environments are used. It is possible to migrate the setup from, for example, the TEST environment to the Production environment. The basic principle is that the set-up within Authorization Management is completely secured so that it can be imported into the new environment later. Note: Authorization Management Pro is not included in the setups. This setup remains the same is the assumption.
To migrate the authorizations you can follow the steps below:
Go to the environment where the new setup has been established
1. Check if all Organization Roles are synchronized;
2. Export the Permission Set/Permission and Authorization Management Settings via Compliance/Security/Authorization Management under Setup:
3. Create a RapidStart package for the Permission Sets and Permissions. For version 2016 and 2017 these are tables 2000000004 and 2000000005. Export this package;
4. Export the Field and Dataset Security via Compliance/Security/Field and Dataset Security Import/export Field and Dataset Security settings;
5. Write down the numbering that is used;
Go to the new environment
6. Login with a SUPER account without company restrictions. This SUPER will be kept as long as you do not delete this Permission Set, so beware!
7. Check the settings (Authorization Management, Field and Dataset Security);
8. Back up (if desired) the Access control table (table 2000000053) from the Development Environment. Run this table and copy all rows and then paste them into Excel;
9. Export (if desired) the setup from the new environment as a backup for when the import from the other environment would not work. See steps 2 and 3;
10. Run report 11111993 from the development environment to cleanup some settings. Determine what should be removed. Select everything except the first option. Click Preview to delete the data:
11. Delete all Permission Sets (user roles) except SUPER . Filter on <> SUPER and then right mouse button, Delete;
12. Check whether all users have been created in the new environment and choose refresh users in the Users(2C) overview;
13. Import the RapidStart package containing the Permission Sets and Permissions from step 3. First the Permission Sets (Select line, Functions, Apply data), then the Permissions (Select line, Functions, Apply data);
14. Release all Permission Sets (2C) via Compliance/Security/Authorization Management/Permission Sets (2C). Select them all and click on Release Selection;
15. Import the Authorization management Settings via Compliance/Security/Authorization Management, Export/import Authorization Management settings. (This gives the user his Organization Roles with the linked Permission Sets);
16. Check if you are linked to an Organization Role. If so, your permissions can be removed by the system (depending on the Authorization Management, Synchronization Type setting). Make sure you keep SUPER. Make sure you are linked to an Organization Role (without company restriction) that has the SUPER Permission Set linked to it;
17. Release all Organization Roles. This can be done by running the 2C User profile table (11111979) from the development environment and setting all lines to Released status;
18. Synchronize all Organization Roles (Compliance/Security/Authorization Management/Organizational Roles) via the Synchronize All button;
19. Remove all Field, Dataset Security and mandatory Fields. This is only necessary if adjustments have been made to this!
20. Check if the number series (see step 6) exist in this new environment?
21. Import the Field and Dataset Security settings. Note: This is only necessary if adjustments have been made within Field and Dataset Security;
22. Review the number series for Field and Dataset security. Make sure the Last No. used matches the highest number used in the Field and Dataset security.
Checks after Migration
23. SUPER Award:
- Must not be assigned to Windows groups, otherwise users can still have SUPER;
- Check which accounts have SUPER: Compliance/Security/Authorization Management/Permission Sets (2C), column No. of linked Users for Permission Set SUPER;
24. Check whether all users have an Organization Role: Compliance/Security/Authorization Management/Users (2C), column No. of Linked Organization Roles;
25. Check whether users are linked to all Organization Roles: Compliance/Security/Authorization Management/Organizational Roles, column Number of linked Users;
26. Check that all Mandatory fields and the Field and Dataset securities are active (start date in the past and no end date);
27. Check the User Personalization’s (RTC profile and client language), User setup (authorization, posting from/ to, etc.) and Warehouse Employees where applicable.