Create or update a security principal data map
Best practice: If a user or group has administrative privileges in the source environment, ensure that the corresponding user or group in the destination environment also has administrative privileges. If the security principal does not have appropriate privileges, users can encounter problems accessing objects.
To create a security principal data map for a source-destination pair:
- In FileNet Deployment Manager, right-click the source-destination pair and click Open.
- If security principal data is not to be used when data is converted for import, clear the Use option for the Security Principal Map.
If you clear this option, the security principal data map is not used and, therefore, does not need to be populated. You can skip steps 3 and 4.
Best practice: Clear the Use option only if you are sure that all referenced principals have the same names and IDs in both environments. Typically, the principals have the same names and IDs only if the environments use the same LDAP. If you are not sure, leave this option checked.
- Click the Map Data button for the Security Principal Map.
FileNet Deployment Manager maps the user or group in the destination environment that corresponds to each user or group in the source environment, and updates the security principals data map to reflect these mappings.
- If the data map contains users or groups that FileNet Deployment Manager could not map, perform one of the following steps to resolve the unmapped entries:
- Modify the users and groups in the environments to eliminate the inconsistencies. Then, re-create the half maps and the data map.
- Re-create the principal half maps with different selection criteria and then re-create the data map.
- Edit the half maps to add matching labels for any unmapped users or groups. Then, re-create the data map. For more information, see Edit labels in half maps.
NOTE If you use labels to resolve unmapped entries, be aware that FileNet Deployment Manager supports only a one-to-one correspondence between mapped principals. That is, you can use a given label for only one source principal and one destination principal. Assigning the same label to multiple principals in either environment can cause unexpected behavior.