Exporting users, groups, and permissions from Access Manager
When you run the migration tool on Access Manager, you export the following:
- Users defined in Access Manager (without passwords)
- Built-in or default roles defined in Access Manager (ADMIN, USER, DESIGNER, GRID_ADMIN, REPOSITORY_ADMIN)
- User-created roles defined in Access Manager (user-defined roles)
- Roles or groups defined in external authentication services and mapped, through the SSO configuration panels, to roles defined in Access Manager (mapped roles).
- Access Manager authentication provider configuration
- Repository operation and artifact access permissions (rules)
- CDP operation permissions (rules)
Passwords for users defined in Access Manager are stored in a non-reversible form (a seeded hash value). The original passwords are not recoverable, hence, exported user definitions do not contain passwords.
Although the external authentication provider configuration is exported from Access Manager, currently, there is no capability to use that information during an import to establish external authentication provider modules in BMC Atrium Single Sign-On.