We have large number of publications and currently we manually apply the CMS permissions across multiple environments (UAT and PROD mainly). This is tedious and often times error prone.
We are trying to export and import the CMS permissions across multiple environments, so this could be done once manually and ported to other environments using some sort of tool.
Environment: Tridion 2011 SP1 + IIS 7.5 + SQL Server 2008 r2
In Old PowerTools (VBScript) there used to be some tool to manage Access management which could be handy, still error prone. We are not interested to use the OLD powertools for obvious reasons and it is recurring operation function so DB option is ruled out as well.
We are considering to build a tool using Core Service, that could export and Import the permissions. We have the same Groups, Publications and Folder structure across these environments.
Has anyone tried this before? What are the experiences or practices that other fellow Tridioneers used in large implementations.?
Any view points are greatly appreciated.
Every field enabled with field-level security will have all the access permissions set to No by default. You will have to customize it as per your needs. System admin roles and the users assigned with this role will have all privileges and permissions on data fields regardless of whether it is security enabled.
Security roles can be used to configure environment-wide access to all resources in the environment, or to configure access to specific apps and data in the environment. Security roles control a user's access to an environment's resources through a set of access levels and permissions.
Go to Settings > Security. Click Security Roles. In the list of security roles, under Name, click or tap to select the security role you want to copy, and then on the Actions toolbar, click or tap More Actions > Copy Role.
I once wrote a tool that allowed you to describe your desired permissions settings as JSON, and apply them via the API. To be honest, if you were to write a DTAP-security tool, I'd follow a similar approach. Start by being able to express your desired settings in an open, text-based format, then write a tool that imports them. Once you have this, you can easily build a tool that exports them.
I created a security migration tool in Tridion 5.2 but the solution approach will still apply to current versions of Tridion
Summary
The solution used a set of simple vbscript export page templates to extract the security information as xml and store it in a set of components.
I then used Tridion Content Porter to move these security components, page templates and tbbs's to the target CMS's
Using set of simple import page templates to open the security xml components to apply the security setting to the target cms.
The tcmid's will be different in the target cms so the import functions must use webdav urls and build dictionaries of tcmid's for trustees etc
Details
Export Security Groups
iterate selected Groups
append group xml
save xml in component
Export Publication Rights
getlistpublications
iterate list of publications
get each publication xml
remove "//tcm:CategoriesXSD" node
appendChild publication xml
remove unwanted "//tcm:Trustee" nodes
save xml in component
Export Folder Permissions
recursively iterate folders
append Folder XML
remove trustee nodes that are inherited ("IsInheritanceRoot")
save xml in component
Export Structure Group Permissions
recursively iterate Structure groups
append structure group XML
remove metadata node "//tcm:Metadata"
filter out unwanted Trustees
save xml in component
Import Security Groups
load xml from security component
iterate group nodes
create groups if they don't already exist
Import Publication rights
load xml from security component
update xml tcmid's
iterate publications
load publication xml
build xml updategram
update publication xml
Import Folder Permissions
load xml from security component
update xml tcmid's
for each folder node
build updategram xml
open folder
update folder xml
Import Structure Group Permissions
load xml from security component
update xml tcmid's
for each structure group node
build updategram xml
open structure group
update structure group
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With