Migrating security from previous versions

To migrate security settings from uDeploy 4.8.5 or IBM® uDeploy 5.0 to IBM UrbanCode Deploy, perform the following steps.

Before you begin

Before starting, read the Security topic, which will help you determine the number of teams you will need.
Note: If you are upgrading from a version prior to 4.8.5 and you want to upgrade your security settings, you must first upgrade to 4.8.5 or 5.0 before performing this task. If you are upgrading the server but not your security settings, you must be at version 4.8.3 or higher.

About this task

The security model in IBM UrbanCode Deploy represents significant changes from previous versions. The migration task enables you to secure existing user-created objects instead of individually securing each object after upgrading.
Note: This task should be complete before performing the upgrade.

Procedure

  1. Open the Migration page by navigating to the migration URL: deploy_server_location/#migration/teams. For example:
    https://company.com:8443/#migration/teams
  2. Open the User Roles pane to create roles and assign permissions to them. For information about roles, see Roles and permissions. Create at least one administrator-type role with all permission, or at a minimum all Web UI permissions, and the Add Team Members and Manage Security permissions from the System security type.

    For information about security types, see Security types.

    Note: The Execute permission is now only used by the Environment security type, and you no longer have to grant that permission to other types. In order to change or modify an item, a user must have the corresponding Edit permission. You can lock items by withholding the Edit permission from a role.
  3. Open the Teams pane to create teams and add users and groups to them. All previously created users and groups are available for assignment. For information about creating teams and assigning users, see Security teams.
    Note: Users must be assigned to a role when added to a team, so roles must be defined before users and groups can be added to teams.
  4. Open the Object-Team Mapping pane to map objects that can be secured to the teams that will manage them. The secure-able object types can be seen in the following screen capture.
    Figure 1. Obect-Team Associations pane
    To map objects, perform the following steps:
    1. Select the object type from the object-type list.
    2. Select all the objects you want to assign to the same team from the object list. The tph1 agent is selected in the accompanying figure. You can select multiple items by holding down the Shift key when selecting an item. Use the filter boxes to limit long lists.
    3. Click the Add Selected to Team button.
    4. From the Add a Team dialog box, select the team to which you want the selected objects assigned, and the security type.
    5. Click Save.
    Note: The Licenses type is not used and can be ignored.
  5. By default, manual tasks are configured to be useable by any user. To limit a task to a specific role, open the Task Security pane and associate the task with the role. Any application, component, or approval-type task used in a process is available to use. To associate tasks with roles, perform the following steps:
    1. Select the task type from the task-type list.
    2. Open the Configuration dialog box by clicking the Configuration button for the task you want to use.
    3. Select a value from the Who can approve this task list. Roles can be restricted by environment or application.
      Figure 2. Who can approve this task list
    4. Select the role and security type for the task. If you specify the admin role, for example, in order to use the object a user must be assigned the admin role. Multiple roles can be selected.
    5. Save you work.

Results

After setting up security, you are ready to upgrade to IBM UrbanCode Deploy. For information about upgrading, see Upgrading IBM UrbanCode Deploy. After the upgrade, in addition to the teams you configured, a System team is created that has permissions granted for all objects that can be secured. Anyone added to a role on the System team is granted all permissions for its objects.

Feedback