Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is best way to export and import security permissions across environments?

Tags:

tridion

We have large number of publications and currently we manually apply the CMS permissions across multiple environments (UAT and PROD mainly). This is tedious and often times error prone.

We are trying to export and import the CMS permissions across multiple environments, so this could be done once manually and ported to other environments using some sort of tool.

Environment: Tridion 2011 SP1 + IIS 7.5 + SQL Server 2008 r2

In Old PowerTools (VBScript) there used to be some tool to manage Access management which could be handy, still error prone. We are not interested to use the OLD powertools for obvious reasons and it is recurring operation function so DB option is ruled out as well.

We are considering to build a tool using Core Service, that could export and Import the permissions. We have the same Groups, Publications and Folder structure across these environments.

Has anyone tried this before? What are the experiences or practices that other fellow Tridioneers used in large implementations.?

Any view points are greatly appreciated.

like image 826
Ram G Avatar asked May 08 '12 18:05

Ram G


People also ask

Which permission can be applied to fields by using field level security?

Every field enabled with field-level security will have all the access permissions set to No by default. You will have to customize it as per your needs. System admin roles and the users assigned with this role will have all privileges and permissions on data fields regardless of whether it is security enabled.

What are security roles in Powerapps?

Security roles can be used to configure environment-wide access to all resources in the environment, or to configure access to specific apps and data in the environment. Security roles control a user's access to an environment's resources through a set of access levels and permissions.

How do I copy a security role in Dynamics 365?

Go to Settings > Security. Click Security Roles. In the list of security roles, under Name, click or tap to select the security role you want to copy, and then on the Actions toolbar, click or tap More Actions > Copy Role.


2 Answers

I once wrote a tool that allowed you to describe your desired permissions settings as JSON, and apply them via the API. To be honest, if you were to write a DTAP-security tool, I'd follow a similar approach. Start by being able to express your desired settings in an open, text-based format, then write a tool that imports them. Once you have this, you can easily build a tool that exports them.

like image 175
Dominic Cronin Avatar answered Jan 03 '23 00:01

Dominic Cronin


I created a security migration tool in Tridion 5.2 but the solution approach will still apply to current versions of Tridion

Summary

The solution used a set of simple vbscript export page templates to extract the security information as xml and store it in a set of components.

I then used Tridion Content Porter to move these security components, page templates and tbbs's to the target CMS's

Using set of simple import page templates to open the security xml components to apply the security setting to the target cms.

The tcmid's will be different in the target cms so the import functions must use webdav urls and build dictionaries of tcmid's for trustees etc

Details

Export Security Groups

  • iterate selected Groups

  • append group xml

  • save xml in component

Export Publication Rights

  • getlistpublications

  • iterate list of publications

  • get each publication xml

  • remove "//tcm:CategoriesXSD" node

  • appendChild publication xml

  • remove unwanted "//tcm:Trustee" nodes

  • save xml in component

Export Folder Permissions

  • recursively iterate folders

  • append Folder XML

  • remove trustee nodes that are inherited ("IsInheritanceRoot")

  • save xml in component

Export Structure Group Permissions

  • recursively iterate Structure groups

  • append structure group XML

  • remove metadata node "//tcm:Metadata"

  • filter out unwanted Trustees

  • save xml in component

Import Security Groups

  • load xml from security component

  • iterate group nodes

  • create groups if they don't already exist

Import Publication rights

  • load xml from security component

  • update xml tcmid's

  • iterate publications

  • load publication xml

  • build xml updategram

  • update publication xml

Import Folder Permissions

  • load xml from security component

  • update xml tcmid's

  • for each folder node

  • build updategram xml

  • open folder

  • update folder xml

Import Structure Group Permissions

  • load xml from security component

  • update xml tcmid's

  • for each structure group node

  • build updategram xml

  • open structure group

  • update structure group

like image 40
Chris Mills Avatar answered Jan 03 '23 00:01

Chris Mills