Migrating authentication and authorization data from Access Manager
This section describes how you can migrate users, roles, and permissions from Access Manager to BMC Atrium Orchestrator with the BMC Remedy Single Sign-On (RSSO) authentication service. This is sometimes referred to as "BMC Single Sign-On" or "SSO" in this section.
In versions of BMC Atrium Orchestrator Platform that are earlier than version 7.7, permissions are stored and managed in Access Manager, but you can create and edit permissions in Grid Manager.
In BMC Atrium Orchestrator Platform 7.7 onward, the CDP continues to provide an administration UI for the CDP operations. You can specify the execution permissions from CDP from the Administration tab. For the repository (via Repository Manager) a new Manage Permissions tab allows an administrator to assign repository permissions to the various user roles. Also, the CDP operation rules are moved from Access Manager and stored within the CDP itself. The repository operation and artifact access rules are moved and stored within the repository. BMC SSO is not involved with either the storage or administration of rules for the CDP or Repository.
The migration tool enables the recreation of users, roles, and permissions (rules) from Access Manager as follows:
- Users and roles in BMC Remedy Single Sign-On.
- Roles and CDP operation (execution) permissions into a CDP.
- Roles and the repository operation and artifact access permissions into a repository.
The migration tool does not support merging of an exported rule set with a rule set in the repository or CDP. The migration tool is capable of importing into an empty rule database or replacing an existing rule set.
Scenarios for using the migration tool
You can use the migration tool utility in the following scenarios:
- When upgrading from BMC Atrium Orchestrator Platform 7.6.03 version to 7.9.x.
- When installing a new, parallel 7.9.x environment using an independent external repository database.
For more information about using the migration tool, see Using the migration tool utility.
Overview of the migration tool
The following table provides and overview of the information in this section.
|Using the migration tool utility||This topic describes how to locate and run the migration utility to export all authentication and authorization data from Access Manager and to import users and roles to SSO and authorization data (rules about granting permissions) to the repository and CDP.|
|Migration tool options|
This topic describes all options that you can use while running the migration tool utility such as specifying the SSO details or the properties file for mapping default roles.
|Exporting users, roles, and permissions from Access Manager||This topic provides information about what is exported when you run the migration tool in an export mode.|
|Importing permissions, users, and roles||This topic provides information about the processing of the rules during an import. Review this topic before running the migration tool.|
|Using a role mapping file to import default roles||This topic provides information about using a role mapping file to import default roles from Access Manager to SSO.|