Exporting users, roles, and permissions from Access Manager

When you run the migration tool on Access Manager, you export the following:

  • Users defined in Access Manager (without passwords)
  • Built-in or default roles defined in Access Manager (ADMIN, USER, DESIGNER, GRID_ADMIN, REPOSITORY_ADMIN) 
  • User-created roles defined in Access Manager (user-defined roles)
  • Roles defined in external authentication services and mapped, through the SSO configuration panels, to roles defined in Access Manager (mapped roles).
  • Access Manager authentication provider configuration
  • Repository operation and artifact access permissions (rules)
  • CDP operation permissions (rules)

Passwords for users defined in Access Manager are stored in a non-reversible form (a seeded hash value). The original passwords are not recoverable, hence, exported user definitions do not contain passwords.

Although the external authentication provider configuration is exported from Access Manager, currently, there is no capability to use that information during an import to establish external authentication provider modules in the authentication system. 

Related topic

Importing permissions, users, and roles

Migration tool options