https://communities.sas.com/t5/Administration-and-Deployment/Metadata-Migration-Preserve-Permissiosn/m-p/956431#M29508 <P>If you're doing a full migration my guess is that the permissions would be retained. You may not have applied ACTs but there will be ACEs, either explicit or inherited. If you want to confirm this, examine the permissions on some of them. Here's an example of my own:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Nigel_Pain_0-1737129773898.png" style="width: 400px;"><img src="https://communities.sas.com/t5/image/serverpage/image-id/103773iE2E026C1A2A44DF7/image-size/medium?v=v2&amp;px=400" role="button" title="Nigel_Pain_0-1737129773898.png" alt="Nigel_Pain_0-1737129773898.png" /></span></P> <P>You'll see all permissions are granted except WM, but including WMM. As I say, a full metadata migration will include everything (by definition), including all the access controls that are defined.</P> <P>If you want to dig into it further, the base SAS front-end has a very useful metadata browser in Tools, Accessories, or I believe Metacoda have a useful plugin to SASMC&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/19750">@MichelleHomes</a>&nbsp;?</P> Fri, 17 Jan 2025 16:17:53 GMT Nigel_Pain 2025-01-17T16:17:53Z https://communities.sas.com/t5/Administration-and-Deployment/Metadata-Migration-Preserve-Permissiosn/m-p/956425#M29507 <P>I am performing a manual metadata migration from M6 to M8. In the old environment users created metadata objects on own metadata user folders with their own user id , no folder structure followed on BU/ORG level and no ACT's applied.&nbsp;</P><P>&nbsp;</P><P>I am performing migration with the account "sasadm@saspw" and would like to ensure users will not have permission issues on their folder/objects after moving to the new environment(sasadm vs Individual user-id).&nbsp;</P><P>&nbsp;</P> Fri, 17 Jan 2025 15:50:18 GMT https://communities.sas.com/t5/Administration-and-Deployment/Metadata-Migration-Preserve-Permissiosn/m-p/956425#M29507 Key123 2025-01-17T15:50:18Z https://communities.sas.com/t5/Administration-and-Deployment/Metadata-Migration-Preserve-Permissiosn/m-p/956431#M29508 <P>If you're doing a full migration my guess is that the permissions would be retained. You may not have applied ACTs but there will be ACEs, either explicit or inherited. If you want to confirm this, examine the permissions on some of them. Here's an example of my own:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Nigel_Pain_0-1737129773898.png" style="width: 400px;"><img src="https://communities.sas.com/t5/image/serverpage/image-id/103773iE2E026C1A2A44DF7/image-size/medium?v=v2&amp;px=400" role="button" title="Nigel_Pain_0-1737129773898.png" alt="Nigel_Pain_0-1737129773898.png" /></span></P> <P>You'll see all permissions are granted except WM, but including WMM. As I say, a full metadata migration will include everything (by definition), including all the access controls that are defined.</P> <P>If you want to dig into it further, the base SAS front-end has a very useful metadata browser in Tools, Accessories, or I believe Metacoda have a useful plugin to SASMC&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/19750">@MichelleHomes</a>&nbsp;?</P> Fri, 17 Jan 2025 16:17:53 GMT https://communities.sas.com/t5/Administration-and-Deployment/Metadata-Migration-Preserve-Permissiosn/m-p/956431#M29508 Nigel_Pain 2025-01-17T16:17:53Z https://communities.sas.com/t5/Administration-and-Deployment/Metadata-Migration-Preserve-Permissiosn/m-p/956497#M29510 <P>In a manual migration, when you import the metadata package (.spk file), you get a choice as to whether you want to include/import access controls or not. The access controls are always exported in the spk file but you get to choose whether you want to import them or not.</P> <P>&nbsp;</P> <P>Although there may not be any manually added access controls on the content in your user folders there will be some access controls added automatically by SAS when the user folder was created. You will see an ACT (Private User Folder ACT) and a set of explicit permissions on each users "My Folder" and "Application Data" folders.&nbsp; This sample screenshot of the Metacoda Permissions Tracer shows them and their impact on a users My Folder:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2025-01-18-sas-user-folder-permissions.png" style="width: 999px;"><img src="https://communities.sas.com/t5/image/serverpage/image-id/103801iA0BAE452E192A067/image-size/large?v=v2&amp;px=999" role="button" title="2025-01-18-sas-user-folder-permissions.png" alt="2025-01-18-sas-user-folder-permissions.png" /></span></P> <P>&nbsp;</P> <P>It is these automatically added access controls which prevent users from seeing inside each others user folders but allows them to add content to their own. You will most likely want to retain that setup in the new environment by importing the access controls. Alternatively if you get each user to login into the new environment so that SAS automatically creates and secures the user folders then you can import the user folder contents later without access controls and let permission inheritance do its work.</P> <P>&nbsp;</P> <P>Thanks <a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/13516">@Nigel_Pain</a> for mentioning our plug-ins. As mentioned, you might find these useful to review and/or test the metadata security implementation in your old and new environments. If you want to try them out you can register to get a free 30 day evaluation license at <A href="https://www.metacoda.com/en/evaluation/" target="_blank">https://www.metacoda.com/en/evaluation/</A></P> Sat, 18 Jan 2025 02:04:32 GMT https://communities.sas.com/t5/Administration-and-Deployment/Metadata-Migration-Preserve-Permissiosn/m-p/956497#M29510 PaulHomes 2025-01-18T02:04:32Z