17Migrating Access Profiles

Migrating Access Profiles

This chapter describes how to migrate access profiles using the command-line interface of the Oracle Migration Tool On Demand client. It contains the following topics:

• Access Profiles

• Privileges Required for Migrating Access Profiles

• Elements and Sections in the Access Profile XML Output File

• Migrating Access Profiles

Access Profiles

An access profile is the set of security permissions that determines what data a user can access.

The following table describes the Oracle Migration Tool On Demand client commands that are used with access profiles. The commands are case sensitive. For examples of running these commands, see Migrating Access Profiles.

Table Oracle Migration Tool On Demand Commands for Access Profiles

Command	Description
[-sortspec "AccessObjectName[ sortorder]"] Read AccessProfile SystemNameOfAccessProfile	This command exports a single access profile from an Oracle CRM On Demand server. The optional sortspec parameter allows you to sort the access objects by access object name. The supported values for sortorder are: ASC for sorting in ascending order. DESC for sorting in descending order. If you specify AccessObjectName but you do not specify the sort order, then the access objects are sorted in ascending order by default. If you do not specify AccessObjectName, then the access objects are listed in no specific order.
[-sortspec "AccessObjectName[ sortorder]"] ReadAll AccessProfile [FolderLocation]	This command exports all access profiles from an Oracle CRM On Demand server. For information about the optional sortspec parameter, see the description of the Read command.
Upsert AccessProfile AccessProfileXML	This command updates or inserts a single access profile on an Oracle CRM On Demand server, as required.

Note: Do not assume that the system name of the access profile is the same as what you see in the user interface for Oracle CRM On Demand. For example, if you create an access profile called My Access Profile and later rename it to My Renamed Access Profile, then the system name continues to be My Access Profile. Therefore, if you want to read this specific access profile, then you must reference it by the name, My Access Profile, in your read request. The only way to determine the real name of an access profile that has been modified is to perform a ReadAll operation and export all the configuration data.

Privileges Required for Migrating Access Profiles

The following privileges are required on the user account running the Oracle Migration Tool On Demand client commands:

• For the Read and ReadAll commands: Enable Web Services Access, and Manage Roles and Access.

• For the Upsert command: Enable Web Services Access, Manage Roles and Access, and the appropriate privilege to manage access to the relevant record type.

  For example, if the access profile contains information about Custom Object 02, then the user role must have the Customize Application - Manage Custom Object 02 privilege. For information about setting and checking privileges, see Oracle CRM On Demand Online Help.

Elements and Sections in the Access Profile XML Output File

The following table describes the elements and sections in the access profile XML output file.

Table Elements and Sections in the Access Profile XML File

Description	Element or Section
<Name> contains the system name of the access profile. This is the same name that is used to retrieve a single access profile. This name never changes during any updates. When a new access profile is inserted, this name is used as the display name if a display name is not provided in the <AccessProfileTranslation> element of the XML file.	<data:Name>Administrator</data:Name>
<NameTranslation> contains the name of the access profile in the language of the user who extracts the access profile information. This element is read-only and is ignored for Upsert requests.	<data:NameTranslation></data:NameTranslation>
<AccessProfileID> contains the access profile ID. This element is read-only and is ignored for Upsert requests.	<data:AccessProfileId></data:AccessProfileId>
<Description> contains the description of the access profile that is used if one is not provided in the <AccessProfileTranslation> element of the XML file.	<data:Description></data:Description>
<AvailableForTeam> specifies whether the access profile can be granted to team members (true) or cannot be granted to team members (false). This element corresponds to the Grantable to Team Members check box in Step 1 of the Access Profile Wizard.	<data:AvailableForTeam>false </data:AvailableForTeam>
<AvailableForBook> specifies whether the access profile can be assigned to a user’s association with a book (true) or cannot be assigned to a user’s association with a book (false). This element corresponds to the Grantable to Book Users check box in Step 1 of the Access Profile Wizard.	<data:AvailableForBook>false </data:AvailableForBook>
<Disabled> indicates if the access profile is disabled (true) or is not disabled (false). This element corresponds to the Disabled check box in Step 1 of the Access Profile Wizard.	<data:Disabled>false</data:Disabled>
The <ListOfAccessProfileTranslation> section contains the translation values for the access profile.	<data:ListOfAccessProfileTranslation> . . . </data:ListOfAccessProfileTranslation>
The <AccessProfileTranslation> section contains the translation values for one language: <LanguageCode> contains the three-letter code for a language. For the list of language codes, see Language Codes and Their Corresponding Language and Country. <Title> contains the title for the access profile in the language identified by the language code. <Description> contains the description for the access profile in the language identified by the language code. In this example, when the user's language is set to German (DEU), the following values are displayed in the access profile: The title of the access profile is Administrator Standardzugriffsprofil The description is Vom System erzeugt	<data:ListOfAccessProfileTranslation> <data:AccessProfileTranslation> <data:LanguageCode>DEU</data:LanguageCode> <data:Title>Administrator Standardzugriffsprofil </data:Title> <data:Description>Vom System erzeugt </data:Description> </data:AccessProfileTranslation> . . . </data:ListOfAccessProfileTranslation>
The <ListOfAccessProfileEntry> section describes the access rights defined on the access profile.	<data:ListOfAccessProfileEntry> . . . </data:ListOfAccessProfileEntry>
The <AccessProfileEntry> section describes one access object (that is, a record type or related record type for which a permission can be granted) and the permissions granted for the access object: <AccessObjectName> is the name of the access object. For information about the access object names that appear in the <AccessObjectName> elements in the XML, and their associated display names in the user interface, see Access Objects and Corresponding Display Names. <PermissionCode> is the code corresponding to the permission for an access object, for example, R, RU, CRUD and so on. For information about the permissions that are available for the access objects, see Access Levels and Corresponding Permission Codes in the XML File.	<data:ListOfAccessProfileEntry> <data:AccessProfileEntry> <data:AccessObjectName>CustomObject10 </data:AccessObjectName> <data:PermissionCode>R</data:PermissionCode> </data:AccessProfileEntry> . . . </data:ListOfAccessProfileEntry>

Migrating Access Profiles

The following topics provide examples of how to use the Oracle Migration Tool On Demand client with access profiles:

• Extracting a Single Access Profile

• Extracting a Single Access Profile by System Name Using a Template File

• Extracting All Access Profiles

• Extracting All Access Profiles to a Specific Location

• Updating or Inserting an Access Profile (Upsert)

Note: Back up your configuration data and all other relevant data before running the Oracle Migration Tool On Demand client.

Extracting a Single Access Profile

This topic describes how to extract a single access profile from your Oracle CRM On Demand server for your environment (customer test environment or production).

Syntax

The following is the syntax for using the Oracle Migration Tool On Demand client to extract a specific access profile:

migrationtool -u UserID -s ServerURL Read AccessProfile SystemNameOfAccessProfile 

where:

• UserID is the user sign-in ID that has the appropriate privileges to run the Oracle Migration Tool On Demand client commands.

• ServerURL is the URL for the Oracle CRM On Demand server where your company resides.

• SystemNameOfAccessProfile is the system name of the access profile that you want to extract, for example, Administrator Default Access Profile.

Note: The Oracle Migration Tool On Demand client requests your Oracle CRM On Demand password, which can be redirected (using the pipe command) to the client program from standard input; that is, from a file, from the command line, or from another program.

Examples of Extracting a Single Access Profile

The following is an example of extracting a specific access profile: Administrator Default Access Profile:

migrationtool -u UserID -s ServerURL Read AccessProfile "Administrator Default Access Profile"

Note: Quotation marks are required only if the access profile name contains spaces.

The following is an example of extracting a specific access profile with the access objects sorted by access object name in ascending order:

migrationtool -u UserID -s ServerURL -sortspec "AccessObjectName ASC" Read AccessProfile "Administrator Default Access Profile"

Extracting a Single Access Profile by System Name Using a Template File

This topic describes how to extract a single access profile from your Oracle CRM On Demand server for your environment (customer test environment or production) by system name, using a template file.

Syntax

The following is the syntax for using the Oracle Migration Tool On Demand client to extract a specific access profile by system name, using an access profile input file that is derived from the access profile template file:

migrationtool -u UserID -s ServerURL Read AccessProfile AccessProfileTemplateXML 

where:

• UserID is the user sign-in ID that has the appropriate privileges to run the Oracle Migration Tool On Demand client commands.

• ServerURL is the URL for the Oracle CRM On Demand server where your company resides.

• AccessProfileTemplateXML is an XML file that is derived from the default access profile template file on your computer. The location of the default access profile template (AccessProfile.xml) depends on the operating system of your computer. If your computer uses a Windows operating system, then the template file is stored in the following directory:

  Installation_Directory\windows\resources\template

  If your computer uses any operating system other than a Windows operating system, then the template file is stored in the following directory:

  Installation_Directory/other/MigrationTool/resources/template
  

  In the directory path, Installation_Directory is the directory where the Oracle Migration Tool On Demand client is installed.

  Note: Do not modify the default template file. If the template file is modified, then a Read operation extracts only the access profile specified in the template file, bypassing what is provided on the command line. Instead, modify a copy of the default access profile.

The Oracle Migration Tool On Demand client requests your Oracle CRM On Demand password, which can be redirected (using the pipe command) to the client program from standard input; that is, from a file, from the command line, or from another program.

Example of Extracting a Single Access Profile by System Name Using a Template File

The following is an example of extracting a specific access profile by system name using a template file. In this example, before you run the Oracle Migration Tool On Demand client, make a copy of the default file, AccessProfile.xml, and in the copy, add the system name of the access profile between the tags:

<data:Name> </data:Name> 

For example: <data:Name>Administrator Default Access Profile</data:Name>)

migrationtool -u UserID -s ServerURL Read AccessProfile "C:\Oracle Migration Tool On Demand\windows\resources\template\MyAccessProfile.xml"

Quotation marks are required only if the name contains spaces. If quotation marks are not surrounding the name, then the Oracle Migration Tool On Demand client uses the first value and bypasses the remaining values. For example, if you have two access profiles called Admin and Admin Access Profile, and you send the following request (without quotation marks), then the Oracle Migration Tool On Demand client extracts the Admin access profile, because no quotation marks are used. Oracle Migration Tool On Demand client uses the first value (Admin) and bypasses the rest (Access Profile):

migrationtool -u UserID -s ServerURL Read AccessProfile Admin Access Profile

Extracting All Access Profiles

This topic describes how to extract all access profiles from your Oracle CRM On Demand environment (customer test environment or production).

Syntax

The following is the syntax for using the Oracle Migration Tool On Demand client to extract all access profiles:

migrationtool -u UserID -s ServerURL ReadAll AccessProfile 

where:

• UserID is the user sign-in ID that has the appropriate privileges to run the Oracle Migration Tool On Demand client commands.

• ServerURL is the URL for the Oracle CRM On Demand server where your company resides.

Note: The Oracle Migration Tool On Demand client requests your Oracle CRM On Demand password, which can be redirected (using the pipe command) to the client program from standard input; that is, from a file, from the command line, or from another program.

Examples of Extracting All Access Profiles

The following is an example of extracting all access profiles from your Oracle CRM On Demand server:

migrationtool -u UserID -s ServerURL ReadAll AccessProfile

The following is an example of extracting all access profiles with the access objects in each access profile sorted by access object name in descending order:

migrationtool -u UserID -s ServerURL -sortspec "AccessObjectName DESC" ReadAll AccessProfile

Extracting All Access Profiles to a Specific Location

This topic describes how to extract all access profiles from your Oracle CRM On Demand environment (customer test environment or production) to a specific location.

Syntax

The following is the syntax for using the Oracle Migration Tool On Demand client to extract all access profiles to a specific location:

migrationtool -u UserID -s ServerURL ReadAll AccessProfile FolderLocation

where:

• UserID is the user sign-in ID that has the appropriate privileges to run the Oracle Migration Tool On Demand client commands.

• ServerURL is the URL for the Oracle CRM On Demand server where your company resides.

• FolderLocation is the directory path to the folder where the extracted access profiles are stored, for example:

  C:\MyAccessProfiles
  

  Note: If you do not specify the drive letter, then the folder is created at the root of the directory where the Oracle Migration Tool On Demand client is installed.

The Oracle Migration Tool On Demand client requests your Oracle CRM On Demand password, which can be redirected (using the pipe command) to the client program from standard input; that is, from a file, from the command line, or from another program.

Example of Extracting All Access Profiles to a Specific Location

The following is an example of extracting all access profiles from your Oracle CRM On Demand server to a specific folder:

migrationtool -u UserID -s ServerURL ReadAll AccessProfile "C:\MyAccessProfiles"

Updating or Inserting an Access Profile (Upsert)

This topic describes how to update a specific access profile (if it exists), or insert that access profile (if it does not exist) on your Oracle CRM On Demand environment (customer test environment or production). For the purposes of the Oracle Migration Tool On Demand client, this is known as an Upsert operation. This operation is specified using the Upsert command.

About the Upsert Operation

The Upsert command inserts or updates an access profile based on the <Name> value, which is the system name of the access profile. If an access profile already exists with the same <Name> value, then the access profile is updated, otherwise, a new access profile is created. The matching of the access profile system names is case sensitive.

Syntax

The following is the syntax for using the Oracle Migration Tool On Demand client to update a specific access profile (if it exists) or insert the access profile (if it does not exist):

migrationtool -u UserID -s ServerURL Upsert AccessProfile AccessProfileXML 

where:

• UserID is the user sign-in ID that has the appropriate privileges to run the Oracle Migration Tool On Demand client commands.

• ServerURL is the URL for the Oracle CRM On Demand server where your company resides.

• AccessProfileXML is the fully qualified path name of the access profile XML file, for example:

  C:\My Files\My Profile.xml
  

The Oracle Migration Tool On Demand client requests your Oracle CRM On Demand password, which can be redirected (using the pipe command) to the client program from standard input; that is, from a file, from the command line, or from another program.

Example of Updating or Inserting an Access Profile

The following is an example of updating a specific access profile (if it exists) or inserting that access profile (if it does not exist) in your Oracle CRM On Demand server:

migrationtool -u UserID -s ServerURL Upsert AccessProfile "C:\My Files\My Profile.xml"

Note: Quotation marks are required only if the path or file name contains spaces.