How do user permissions in CollabNet Enterprise Edition map to permissions in TeamForge 16.10?

Permissions in TeamForge 16.10 are different from permissions in CollabNet Enterprise Edition.

Permission mapping details

Care has been taken to map the permissions of a CollabNet Enterprise Edition role to an equivalent role in CTF. However, after migration it may be similar, but not same. See these details to get a better understanding of the mapping between CollabNet Enterprise Edition and TeamForge 16.10 permissions: User permissions in CEE and CTF 16.10 projects

Note: Site-wide roles in TeamForge 16.10 are equivalents of Domain Roles in CollabNet Enterprise Edition. Global project roles in TeamForge 16.10 are the equivalents of Project roles with "All projects" visibility in CollabNet Enterprise Edition.

Exception reports

In cases where it is not possible to retain the permissions mapped to a role in CollabNet Enterprise Edition, the exceptions are reported and the exception report is provided for your reference in TeamForge 16.10. Each project will have an exception report with the change details at the project level. The exception report for the project is placed in the "Documents" tool under the CollabNet Enterprise Edition_migration_exception_report folder. The report file is named as <project-name>-REPORT.txt.

The Look project contains another exception report with site-level details. This would also have exception report of individual projects in the system. The site level report is placed in the look project under the same folder as GLOBAL-REPORT-CONSOLIDATED.txt.

Please go through the global exception report for the site, and see that you are okay with it, or make necessary adjustments as needed. To use the exception report effectively, see How to read an exception report?

Resource Patterns

Resource patterns associated with the CollabNet Enterprise Edition roles are not migrated. This means that the users belonging to these roles will have access to the complete repository after migration, depending on their access level in CollabNet Enterprise Edition. For example, if a role had "VersionControl - Modify" access to only "trunk/src", post-migration, the role will have commit access to the entire repository. Similarly, if the role in CollabNet Enterprise Edition had "VersionControl - Read" access to only "trunk/docs", post-migration, the role will have view access to the entire repository.

TeamForge 16.10 uses Path-based permissions (PBP) as an alternative. You can transfer the regular expressions to PBP to control the repository access. Setting PBPs is easier when compared to using the Resource Patterns; however, PBP has some limitations compared to CollabNet Enterprise Edition's regular expressions.

PBP limitations include:
  1. PBPs are not inherited.
  2. Site-wide and global project roles do not allow PBP associations with permissions.

See these details to get a better understanding of the mapping between CollabNet Enterprise Edition Resource Patterns and TeamForge 16.10 permissions: TeamForge 16.10 Permissions for Resource Patterns

The exception report contains the permission-resource pattern mapping that was dropped, against the affected role.

Role associations with **Host/*Domain users

If your project had any role associations with *Domain users and **Host user's user groups, they are not retained upon migration. At this point, TeamForge 16.10 doesn't have an alternate mechanism for this.

Note: If any such associations are dropped, role association of default user groups in Domain and project level are captured in domain and project level exception reports respectively. The default user group's subscription to discussions are captured in respective project's exception reports.

Registered User role and permission of a logged in user

Permission of a CollabNet Enterprise Edition's Registered user role are mapped to Default Access Permissions of individual projects. The difference here is that, there is no central place that controls the access rights but it has the advantage that each project can specify different permissions.

In cases where the CollabNet Enterprise Edition permissions are not retained, they are exception reported. Please refer the global exception report for details.

Anonymous access

You may skip this section if guest access was not enabled in your CollabNet Enterprise Edition site.

There is no central control in TeamForge 16.10 to enable/disable guest access. Each project can specify what an anonymous user can access through the DAP of the project. Permissions of CollabNet Enterprise Edition's Anonymous Guest role are mapped to Default Access Permissions of individual projects. If guest access was enabled in your CollabNet Enterprise Edition site, please look at the global exception report to see whether there are permissions that changed during migration.

Note: It is recommended that you try out this in stage before doing in production.