Migrating authentication and authorization data from Access Manager
This section describes how you can migrate users, roles, and permissions from Access Manager to BMC Atrium Single Sign-On, the repository, and CDP.
In versions of BMC Atrium Orchestrator Platform that are earlier than version 7.7, permissions are stored in Access Manager and you can assign permissions from the CDP only.
In BMC Atrium Orchestrator Platform 7.7 onward, CDP continues to provide an administration UI for the CDP operations. You can specify the execution permissions from CDP from the Administration tab. Similarly, for the repository, a new Manage Permissions tab allows an administrator to assign repository permissions to the various user roles. In addition, in BMC Atrium Orchestrator Platform 7.7 the CDP operation rules are moved from Access Manager and stored within the CDP itself. The repository operation and artifact access rules are moved and stored within the repository. BMC Atrium Single Sign-On is not involved with either the storage or administration of rules for the CDP or Repository.
The migration tool enables the recreation of users, roles (also known as groups in BMC Atrium Single Sign-On), and permissions (rules) from Access Manager to:
- Users and roles/groups in BMC Atrum Single Sign-On.
- Roles/groups and CDP operation (execution) permissions into a CDP.
- Roles/groups and the repository operation and artifact access permissions into a repository.
The migration tool does not support merging of an exported rule set with a rule set in the repository or CDP. The migration tool is capable of importing into an empty rule database or replacing an existing rule set.
Scenarios for using the migration tool
You can use the migration tool utility in case of the following scenarios:
- When you are upgrading from BMC Atrium Orchestrator Platform 7.6.03 version to 7.8.x.
- When installing a new, parallel 7.8.x environment using an independent external repository database.
- When installing a new, parallel 7.8.x environment using the same external repository database.
For more information about using the migration tool in each of the scenarios, see Using the migration tool utility.
Overview of the migration tool
The following table provides and overview of the information in this section.
|Using the migration tool utility||This topic describes how to locate and run the migration utility to export all authentication and authorization data from Access Manager and import users and groups to BMC Atrium Single Sign-On and permissions to the repository and CDP.|
|Migration tool options|
This topic describes all options that you can use while running the migration tool utility such as specifying the BMC Atrium Single Sign-On details or the properties file for mapping default roles.
|Exporting users, groups, and permissions from Access Manager||This topic provides information about what is exported when you run the migration tool in an export mode.|
|Importing permissions, users, and groups||This topic provides information about the processing of the rules during an import. Review this topic before running the migration tool.|
|Using a role mapping file to import default roles||This topic provides information about using a role mapping file to import default roles from Access Manager to BMC Atrium Single Sign-On.|