Audience
Any user of the Migration App.
How It Works
Migration App translates NTFS permissions to Egnyte during the Permissions Migration command in a three-step process.
- It extracts the permissions from the Source.
- It maps those permissions to what they should look like at the Egnyte side.
- Finally, it applies permissions to the files on Egnyte.
Note that during Steps 1 and 2, no information is provided to the User Interface. So until the system begins Step 3, nothing will display on the Migration Dashboard.
For a dataset of approximately 4 million objects, the estimated extraction time for permissions is 1.5 hours, and memory consumption is around 100 MB. The entire Permissions Migration can take longer than the original Data Migration, so plan accordingly.
Considerations
- Before migrating permissions, it's ideal if both users and groups have already been created on the Egnyte platform, although it is possible to migrate empty groups.
- Users can also migrate Azure AD users and group permissions using this tool.
- Migration App migrates permissions for folders. Files inherit the permissions of their parent folder.
- Egnyte recommends running Permissions migration at the very end of a Migration Job, right before cutting over all the users from using the Source to using Egnyte.
- Once permissions are scanned and extracted from the source and mapped to Egnyte (the first two steps), they are then applied at a rate of one folder per second, regardless of the number of permissions aligned with each folder.
- It is not possible to migrate permissions to Private folders on Egnyte.
Mapping
Permissions mapping is detailed below.
|
NTFS Permission |
Egnyte Permission |
| Full Control | Full |
| Modify | Editor |
| Write | Editor |
| Read | Viewer |
| Read & Execute | Viewer |
| Change Permissions | Owner |
| Take Ownership | Owner |
| File Owner | Owner |
| Delete Subfolders and Files | Full |
| Delete | Full |
| Create Files/Write Data | Editor |
| Create Folders/Append Data | Editor |
| Write Attributes | Editor |
| Write Extended Attributes | Editor |
| Traverse Folder/Execute File | Viewer |
| Read Extended Attributes | Viewer |
| Read Attributes | Viewer |
| Read Permissions | Viewer |
- Everyone permission is migrated to include both Admin & Power users.
- Permissions are migrated for the nested groups as well.
- During permission migration, if inheritance is enabled on the source folder, it will also be enabled on the destination folder. The toggle on the destination folder shall be enabled.
Permissions Simulation
Permissions Migration is usually the last step in a migration project, but there are times to do a dry-run before initiating the actual Permissions Migration. A Permissions Migration Simulation provides insights into any missing Users and Groups on Egnyte that will be needed to create before running the final Permissions Migration command.
Prior to initiating either the Simulation or a Permissions Migration, first create all the expected Groups and Users on the Egnyte domain.
Navigate to the Migration Details page. On the Migration Actions menu, select Permissions Simulation.
This will initiate a three-step process.
- First, Migration App scans the source to identify NTFS permissions.
- Next, it scans the destination domain to identify Users and Groups that have already been created.
- Finally, it compares the two to provide insights as to what might be missing.
Depending on the number of permissions on either the source or destination, these scans can take some time to complete.
Once the command has completed, the results will be displayed on the Migration Details page.
Additional information may be found on the Migration Job Report.
Permissions Simulation Results On The Migration Job Report
Click Download Job Report and open the CSV file. The Migration Summary register will include the Permissions Simulation on the list of completed commands.
It is also possible to select the Permissions Migration Simulation register for more detailed information. And the Missing Users and Missing Groups registers will provide a list of anything found missing.
- To know which permissions will be migrated, please refer to the JSON file residing at the following path:
C:\Users\<username>\AppData\Local\egnyte-agent\<migration-id>\perms\eg_perms_<migration-id>_<timestamp>_v3.46.0.json
- Particularly, check for the field called "valid_delta_perms".
- Please DO NOT CHANGE the contents of this file as it will damage the permissions structure.
Permissions Migration
Once the initial scan is complete, users can migrate the permissions for their migration job. Navigate to the Migration Details page. On the Migration Actions menu, select Migrate Permissions.
Users can choose to use the reports generated in the last successful permission simulation. Alternatively, they can choose to generate new extraction and translation reports for permissions migration.
Users can also choose to sync permission deletions from source to destination. The option is unchecked by default and is not applicable for the initial permission migration.
Click on Migrate Permissions after making the choice.
The process to migrate the permissions will begin.
Once the process is completed, the users will be able to view the results of permissions migration. They can choose to migrate permissions any number of times.
Permissions Migration Results On The Migration Job Report
The Permissions Migration tab shows all permissions that were transferred from the source to Egnyte. It includes summary counts for total permissions processed, explicit permissions, successfully migrated permissions, failed permissions, and total permission errors. The details of the permission errors are included.
What If Some Users And Groups Have Not Yet Been Created On Egnyte?
Permission Migration will complete even if some Users or Groups from the Source are not found on Egnyte. These users and groups will be listed in Missing Users and Missing Groups worksheets in the Migration Report.
Create the missing Users and Groups in Egnyte, then run Permissions Migration again or manually apply the appropriate permissions.
Limitations
When running Permissions Simulation or Permissions Migration, if the folder path names are greater than 256 characters, the users will be notified of the folder path issue on the scanning report and will not be eligible for permissions migration or data migration as well. In such cases, there are two solutions.
- Change the default path length by changing the registry key, refer to Microsoft’s documentation here.
OR - Change the folder structure so that the path length comes under 256 characters.
- Run True-up to upload the data according to the new folder structure.
- Run Permissions Simulation or Permissions Migration again.
Questions? Feature Requests? Other Feedback?
Feature suggestions or requests can be submitted here, with a mention of Migration App in the text.
For more complex requests that would benefit from providing screenshots or other attachments can be submitted to support@egnyte.com. Be sure to include Migration App in the email title. The Support team will push the request to the Product team for consideration.