What is the best way to export and import security permissions in different environments?

We have a large number of publications, and currently we manually apply CMS permissions in several environments (mainly UAT and PROD). This is tedious and often causes a tendency to make mistakes.

We are trying to export and import CMS permissions in several environments, so this can be done manually and ported to other environments using some kind of tool.

Environment: Tridion 2011 SP1 + IIS 7.5 + SQL Server 2008 R2

The old PowerTools (VBScript) used some access control tool, which may be convenient, but is still error-prone. We are not interested in using the old PowerTools for obvious reasons, and this is a repetitive function, so the DB option is also excluded.

We plan to create a tool using Core Service that can export and import permissions. We have the same groups, publications, and folder structure in these environments.

Has anyone tried this before? What are the experiences or practices that other Tridioners have used in large implementations?

Any points of view are welcome.

+6
2 answers

I once wrote a tool that allowed you to describe the necessary permission settings as JSON and apply them through the API. To be honest, if you were to write a DTAP security tool, I would take a similar approach. Start with the ability to express your desired settings in clear text format, and then write a tool that imports them. After that, you can easily create a tool that exports them.

+5

I created a security migration tool in Tridion 5.2, but the solution approach will continue to apply to current versions of Tridion.

Summary

The solution uses a set of simple VBScript export page templates to extract security information in the form of XML and save it in a set of components.

Then I used the Tridion Content Porter to move these security components, page templates, and TBBs to the target CMS.

Finally, I used a set of simple import page templates to open the security XML components and apply the security settings to the target CMS.

The TCM IDs will differ in the target CMS, so the import functions should use WebDAV URLs and build TCM ID dictionaries for proxies, etc.

More details

Export Security Groups

  • iteration of selected groups

  • add xml group

  • save xml in component

Export Publishing Rights

  • getlistpublications

  • repeat list of publications

  • get every xml post

  • remove the "//tcm:CategoriesXSD" node

  • appendChild xml publishing

  • remove unnecessary nodes "//tcm:Trustee"

  • save xml in component

Export Folder Permissions

  • iterate over folders recursively

  • add xml folder

  • remove trusted nodes that are inherited ("IsInheritanceRoot")

  • save xml in component

Export Structure Group Permissions

  • recursively iterate structural groups

  • add XML group structure

  • remove metadata node "//tcm:Metadata"

  • filter out unwanted trustees

  • save xml in component

Import Security Groups

  • load xml from security component

  • group nodes iteration

  • create groups if they do not already exist

Import Publish Rights

  • load xml from security component

  • update xml tcmid

  • repeat publications

  • download xml publication

  • create xml updategram

  • Update xml post

Import folder rights

  • load xml from security component

  • update xml tcmid

  • for each node folder

  • build updategram xml

  • open folder

  • Refresh xml folder

Import Structure Group Permissions

  • load xml from security component

  • update xml tcmid

  • for each structural group node

  • build updategram xml

  • open structure group

  • update structure group

+4
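
The two answers combine into one import step: a text description keyed by WebDAV URL and group name, resolved through dictionaries built on the target CMS. The sketch below is an added example, not code from either answer; the JSON schema, the `plan` function and every sample ID are constructed, and it assumes the description is authoritative, so grants it does not list are planned for removal.

```python
import json

# Constructed desired state (hypothetical schema): WebDAV URL -> group name -> permissions.
DESIRED = json.loads("""{
  "/webdav/010 Content/Building Blocks/News":  {"Editors": ["Read", "Write"], "Authors": ["Read"]},
  "/webdav/010 Content/Building Blocks/Legal": {"Legal Team": ["Read", "Write"]}
}""")

# Constructed lookups, standing in for lists read from the target CMS before import.
TARGET_ITEMS = {"/webdav/010 Content/Building Blocks/News": "tcm:5-120-2",
                "/webdav/010 Content/Building Blocks/Legal": "tcm:5-121-2"}
TARGET_GROUPS = {"Editors": "tcm:0-31-65568", "Authors": "tcm:0-32-65568"}
# Constructed current permissions on the target: item ID -> trustee ID -> permissions.
TARGET_ACLS = {"tcm:5-120-2": {"tcm:0-31-65568": ["Read"],
                               "tcm:0-40-65568": ["Read", "Write"]}}


def plan(desired, items, groups, acls):
    """Return (changes, errors). If any name fails to resolve, changes is
    empty, so a partial description is never applied to the target."""
    changes, errors = [], []
    for url, grants in sorted(desired.items()):
        item_id = items.get(url)
        if item_id is None:
            errors.append(f"unresolved item: {url}")
            continue
        wanted = {}
        for group, perms in grants.items():
            gid = groups.get(group)
            if gid is None:
                errors.append(f"unresolved group: {group}")
            else:
                wanted[gid] = set(perms)
        current = acls.get(item_id, {})
        # Compare per trustee, including trustees present only on the target.
        for gid in sorted(wanted.keys() | current.keys()):
            have, want = set(current.get(gid, ())), wanted.get(gid, set())
            if want - have:
                changes.append(("grant", item_id, gid, sorted(want - have)))
            if have - want:
                changes.append(("revoke", item_id, gid, sorted(have - want)))
    return ([] if errors else changes), errors


if __name__ == "__main__":
    changes, errors = plan(DESIRED, TARGET_ITEMS, TARGET_GROUPS, TARGET_ACLS)
    print("errors:", errors)
    print("changes:", changes)
```

Running the plan against UAT and PROD with the same description also works as a drift report: the `revoke` entries are grants that exist on the target but were never described.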

Source: https://habr.com/ru/post/915216/
