Reputation: 417
Sitecore - copy Role and users to new environment
We are using Sitecore 8 update 3 with Active Directory integration. I am trying to copy a Role and the respective users tied to it from our Dev environment over to Prod
example:
role: Sitecore/IHaveAccess
users: ad/dk123, ad/dk234, ad/dk345...
I tried two different methods:
Method 1: Generate package:
By creating a package that described on the page 19: https://sdn.sitecore.net/upload/sitecore6/65/package_designer_admin_guide-a4.pdf
When I installed the package on the new environment, the role was added but none of the users was under the Role.
Method 2: Serialization:
I serialize the item, but when viewing in Notepad++ is does not contain any users. When I serialize a user who was in the group, I do see the group.
Any thoughts why we have the issue?
Upvotes: 2
Views: 2515
Answers (1)
Reputation: 17000
Unfortunately, the membership information is stored against the user and not the role (the same for roles within roles). In this instance, the membership information is stored against the AD user. You are storing that a user is a member of role x and not that role x contains member y.
This means that you would need to package up both the role, and the corresponding users. I'm not sure of how this would work using AD though, since you are essentially trying to sync back user related data via Sitecore. I would ensure at your AD provider is not set as readonly in the connection string or it's setup. Since you only have a one-way sync, there's no way to store that information back in AD and have it persist.
Personally, I would set up my roles differently to allow the management to be easier, but it depends on your exact requirements obviously:
- Create a Sitecore role, assign all your permissions and security against this roles (sitecore\IHaveAccess)
- Create a matching AD role (ad\IHaveAccess) and add this as a member of your Sitecore role
- Add your AD users to your AD Group. They will gain the correct permissions through Role In Role. If you already have AD Groups set up, you simply add existing Groups to the new Group even.
Using this, at most you have to add your AD roles back into your Sitecore roles (this shouldn't be the case you added the AD roles as a member of the Sitecore role so the membership is stored in Sitecore). It also has the advtantage that your users/roles/membership is centrally located within one system.
Upvotes: 3
Related Questions
- Sitecore - Is there a way to clone/duplicate a user in the User Manager?
- Sitecore domains and roles
- Migrate Sitecore security(user/domain/roles/groups) between Sitecore instances?
- Sitecore CMS Creating new user and role
- Sitecore privileges on users with multiple roles
- Updating Web Role applications (Azure) without deleting user data
- How can I restore the original Sitecore Roles that ship with Sitecore CMS 6.x?
- sitecore configure / Insert options (roles, access setting?)
- Cloning a sharepoint rolegroup
- How to deploy existing Sitecore 6.2 site to new enviroment?