Audience
Any user of the Migration App.
Pre-requisites for Permissions Migration/Simulation
- Before running permissions migration or simulation, make sure all users and groups on the source are present in the Egnyte (destination) domain. Admins need to create the user or group separately on Egnyte domain before mapping them to source users or groups..
- Data migration needs to be run before initiating the permission migration.
- It is recommended to run the Scan command before executing the permissions migration command.
Permissions Simulation
Permissions simulation is a different command than permissions migration.
Permissions Migration is usually the last step in a migration project, but there are times to do a dry-run before initiating the actual Permissions Migration. A Permissions Migration Simulation provides insights into any missing Users and Groups on Egnyte that will be needed to create before running the final Permissions Migration command.
Prior to initiating either the Simulation or a Permissions Migration, first create all the expected Groups and Users on the Egnyte domain.
Navigate to the Migration Details page. On the Migration Actions menu, select Permissions Simulation.
This will initiate a three-step process.
- First, Migration App scans the source to identify NTFS permissions.
- Next, it scans the destination domain to identify Users and Groups that have already been created.
- Finally, it compares the two to provide insights as to what might be missing.
Depending on the number of permissions on either the source or destination, these scans can take some time to complete.
Once the command has completed, the results will be displayed on the Migration Details page.
Additional information may be found on the Migration Job Report.
Permissions Simulation Results On The Migration Job Report
Click Download Job Report and open the CSV file. The Migration Summary register will include the Permissions Simulation on the list of completed commands.
It is also possible to select the Permissions Migration Simulation register for more detailed information. And the Missing Users and Missing Groups registers will provide a list of anything found missing.
- To know which permissions will be migrated, please refer to the JSON file residing at the following path:
C:\Users\<username>\AppData\Local\egnyte-agent\<migration-id>\perms\eg_perms_<migration-id>_<timestamp>_v3.46.0.json
- Particularly, check for the field called "valid_delta_perms".
- Please DO NOT CHANGE the contents of this file as it will damage the permissions structure.
Permissions Migration
Using the Migrate Permissions option, users can migrate all required permissions from the source to the destination. Permissions can be migrated only after the initial scan is complete.
- Navigate to the Migration Details page. On the Migration Actions menu, select Migrate Permissions.
Users can choose to use the reports generated in the last successful permission simulation. Alternatively, they can choose to generate new extraction and translation reports for permissions migration. This is expected to take significantly longer.
Users can also choose to sync permission deletions from source to destination. The option is unchecked by default and is not applicable for the initial permission migration.
- Click on Migrate Permissions after making the choice.
The process to migrate the permissions will begin. - Once the process is completed, the users will be able to view the results of permissions migration. They can choose to migrate permissions any number of times.
How It Works
Migration App translates NTFS permissions to Egnyte during the Permissions Migration command in a three-step process.
- Permission are extracted from the Source
- Permissions are mapped to the Egnyte side
- Permissions are applied to files and folders in Egnyte
Note that during Steps 1 and 2, no information is provided to the User Interface. So until the system begins Step 3, nothing will display on the Migration Dashboard.
For a dataset of approximately 4 million objects, the estimated extraction time for permissions is 1.5 hours, and memory consumption is around 100 MB. The entire Permissions Migration can take longer than the original Data Migration, so plan accordingly.
Considerations
- Before migrating permissions, it's ideal if both users and groups have already been created on the Egnyte platform, although it is possible to migrate empty groups.
- Users can also migrate Azure AD users and group permissions using this tool.
- Migration App migrates permissions for folders. Files inherit the permissions of their parent folder.
- Egnyte recommends running Permissions migration at the very end of a Migration Job, right before cutting over all the users from using the Source to using Egnyte.
- Once permissions are scanned and extracted from the source and mapped to Egnyte (the first two steps), they are then applied at a rate of one folder per second, regardless of the number of permissions aligned with each folder.
- It is not possible to migrate permissions to Private folders on Egnyte.
Permissions Migration Results On The Migration Job Report
The Permissions Migration tab shows all permissions that were transferred from the source to Egnyte. It includes summary counts for total permissions processed, explicit permissions, successfully migrated permissions, failed permissions, and total permission errors. The details of the permission errors are included.
What If Some Users And Groups Have Not Yet Been Created On Egnyte?
Permission Migration will complete even if some Users or Groups from the Source are not found on Egnyte. These users and groups will be listed in Missing Users and Missing Groups worksheets in the Migration Report.
Create the missing Users and Groups in Egnyte, then run Permissions Migration again or manually apply the appropriate permissions.
Changing Permissions During Migration (Limited Availability)
This feature enables the customer to map the permissions to different users or group on the destination.
This feature is currently in Limited Availability for all customers. To request this feature, contact our Products team.
Once enabled, the permissions can be mapped from the Advanced options. The mapped permissions can’t be modified once saved or while the migration is running.
Sync Permission Deletions from Source to Destination (Limited Availability)
After the initial permission migration is completed, if there are any permissions removed from the source, then this feature removes the same from the destination while executing the next permission migration command.
This feature is currently in Limited Availability for all customers. To request this feature, contact our Products team.
Nested Permissions
The Migration app supports migrating nested permissions, such as permissions involving groups nested within other groups.
Users can migrate only the locally nested permission. If the nested permissions are global, then these will not be detected and will not be migrated
Mapping
Permissions mapping is detailed below.
|
NTFS Permission |
Egnyte Permission |
| Full Control | Full |
| Modify | Editor |
| Write | Editor |
| Read | Viewer |
| Read & Execute | Viewer |
| Change Permissions | Owner |
| Take Ownership | Owner |
| File Owner | Owner |
| Delete Subfolders and Files | Full |
| Delete | Full |
| Create Files/Write Data | Editor |
| Create Folders/Append Data | Editor |
| Write Attributes | Editor |
| Write Extended Attributes | Editor |
| Traverse Folder/Execute File | Viewer |
| Read Extended Attributes | Viewer |
| Read Attributes | Viewer |
| Read Permissions | Viewer |
- Everyone permission is migrated to include both Admin & Power users.
- During permission migration, if inheritance is enabled on the source folder, it will also be enabled on the destination folder. The toggle on the destination folder shall be enabled.
Limitations
- Currently, Egnyte does not support the migration of domain users group or built-in users/groups. These will be excluded during the migration.
- When running Permissions Simulation or Permissions Migration, if the folder path names are greater than 256 characters, the users will be notified of the folder path issue on the scanning report and will not be eligible for permissions migration or data migration as well. In such cases, there are two solutions.
- Change the default path length by changing the registry key, refer to Microsoft’s documentation here.
OR - Change the folder structure so that the path length comes under 256 characters.
- Run True-up to upload the data according to the new folder structure.
- Run Permissions Simulation or Permissions Migration again.
- Change the default path length by changing the registry key, refer to Microsoft’s documentation here.
Questions? Feature Requests? Other Feedback?
Feature suggestions or requests can be submitted here, with a mention of Migration App in the text.
For more complex requests that would benefit from providing screenshots or other attachments can be submitted to support@egnyte.com. Be sure to include Migration App in the email title. The Support team will push the request to the Product team for consideration.