Note: ATG requires that certain roles be assigned to users in order to perform work on solutions. The eServer migration process does not assign these roles by default, because ATG cannot determine the mapping between Named ACLs and ATG roles. After migration is complete, you must explicitly add roles to your migrated users before they will be able to work with solutions and workflows. See ATG Service Installation and Configuration Guide for more information.
The migration process converts eServer’s Named ACLs into ATG’s model for solution, property, and statement security. User segments are created for each Named ACL and associated with the relevant solution attribute.
Migration looks at the Named ACLs, matches their references with ATG users/organizations, and creates user segments according to the following rule:
Include users whose login is one of <comma separated login names>
OR whose parentOrganization.id is one of <comma separated organization ids>
OR whose secondaryOrganization.id is one of <comma separated organization ids>.
Security on Solutions
ATG solutions have three attributes that determine view access: owningGroup, internalAudience and externalAudience.
Note: In ATG Knowledge, rights for solution authoring are based on the solution’s owning group. See Migrating Solution Owning Groups for information on specifying owning groups for solution classes.
This eServer setting… | …becomes this ATG entity… | …stored in this solution attribute |
|---|---|---|
owningGroup attribute specified in eserver_migration_config.xml | matching organization |
|
n/a | Everyone-Internal user segment |
|
n/a | Everyone-External user segment |
|
Security on Solution Statements
ATG solution statements have three attributes that determine view and modify access: internalAudience, internalModify, and externalAudience.
If a solution statement has security set on it, its Named ACLs are migrated according to the following table:
This Named ACL for a secured statement… | …becomes this ATG User Segment… | …stored in this solution statement attribute |
|---|---|---|
VIEW and MODIFY ACE combined | “<ACL name> Viewers” |
|
n/a | Everyone-Internal |
|
n/a | empty |
|
If a solution statement has no security, it is migrated according to the following table:
This ATG User Segment… | …is stored in this solution statement attribute |
|---|---|
Everyone-Internal |
|
Everyone-External |
|
Security on Solution Properties and Lists, including Intrinsic Fields
ATG solution properties and lists have three attributes that determine view and modify access: internalAudience, internalModify, and externalAudience. See Mapping ATG Intrinsic Fields to eServer Properties for information on specifying properties that should be used as ATG intrinsic fields.
If a solution property or list has security set on it, its Named ACLs are migrated according to the following table:
This Named ACL for a secured property or list… | …becomes this ATG User Segment… | …stored in this solution property attribute |
|---|---|---|
VIEW ACE | “<ACL name> Viewers” |
|
MODIFY ACE | “<ACL name> Modifiers” |
|
n/a | Everyone-External |
|
If a solution property or list has no security, it is migrated according to the following table:
This ATG User Segment… | …is stored in this solution property attribute |
|---|---|
Everyone-Internal |
|
Everyone-External |
|
Specifying a Default Internal Audience for a migrated solution
You can specify two different types of defaults:
Global - A list of organization IDs that should be used as a default for all migrated solutions
Solution Class - A list of organization IDs that should be used as a default for migrated solution per solution class. This takes precedence over the global default
To set the global default:
Set the property
defaultSolutionInternalAudienceOrganizationIdsin the nucleus component/atg/svc/migration/EserverMigrationService.This is an array of strings. (String[])Enter the organizational IDs, separated by a comma. The default value for this property is NULL, which indicates that there is no global default.
For example,
defaultSolutionInternalAudienceOrganizationIds=org1_id,org2_id
To set the default per solution class:
If this attribute is:
Not specified, the global default is applied
Set to an empty list, the solution’s internal audience is set to an empty list and overrides any global default internal audience list
Set to a non-empty list, the solution’s internal audience is set to this non-empty list of internal audiences. The global default internal audience list is overridden
Open the
configuration.XMLfile.Add the attribute
defaultInternalAudienceOrganizationIdin thesolutionClassXML element. This attribute is a comma separated list and can be empty, as it is an optional attribute for thesolutionClasselement. This attribute is not specified by default.For example:
To configure a single organization as the internal audience, define the attribute as follows:
<solutionClass tag="sclass1"
defaultInternalAudienceOrganizationId="org1_id" ...>
...
</solutionClass>To configure two organizations as the internal audience, define the attribute:
<solutionClass tag="sclass1"
defaultInternalAudienceOrganizationId="org1_id" ...>
...
</solutionClass>To configure an empty list of internal audiences, define the attribute:
<solutionClass tag="sclass1"
defaultInternalAudienceOrganizationId="" ...>
...
</solutionClass>If you do not configure the attribute, the global default will be applied if it is specified:
<solutionClass tag="sclass1" ...>
...
</solutionClass>
