Hi All,
We are trying to migrate users/groups from AEM 6.0 to AEM 6.5, with the goal of all the permissions and privileges retained. I am following this documentation, https://experienceleague.adobe.com/docs/experience-cloud-kcs/kbarticles/KA-16448.html?lang=es-ES. After the migrations, all the original permissions are gone.
Solved! Go to Solution.
If you are going to migrate the users/groups using ACLS then you will have to put those users/groups under "Principle names". If you have a large number of users, those users must be part of a few groups. You can provide these groups name instead of users under "Principle name".
Anyway in your case you have already migrated the users as per the adobe document, right? Unselect "Include principles" and try getting the acls of couple of users. If this doesn't work there might be some issue with acs commons version you are using which we can look into further.
Hi @kevingtan
ACL packager pretty much does the job. I had used this to migrate users, groups and their acls from 6.2 to 6.5 and it worked flawlessly.
I see that you are migrating acls under /content. Is it possible that you have installed acls package first and then installed/reinstalled content package? I suspect this might be one of the reason its not showing up.
Regards,
Jeevan
Interesting. I actually tried it as you said before the content migration a while ago, it failed also. But the failure didn't come from the ACL migration, but because we never reached the ACL migration due to AEM 6.0 has a very strict rule against ACS-Commons. Now we got a version (2.12.0) that works for AEM 6.0, but never tried the ACL migration before the content migration since then. You got a very good point. Thanks for your suggestion.
I was suggesting the opposite of that. The content has to be installed first and then the acls. If you install the content package after installing acls then it would overwrite the rep:policy.
Approach:
1. Created user package in AEM 6.0, and edited it with all the necessary exclude-paths.
Once we created it, downloaded and unzipped it. Modified the mode as `mode="merge"` in META-INF/vault/filter.xml. Then re-zipped it. Uploaded it and rebuilt it, downloaded it again and uploaded it to AEM 6.5 server.
2. Created ACL package via ACS commons, as shown in the attachments above. Then downloaded it uploaded it to the AEM 6.5 server, installed it.
3. Restarted AEM 6.5.
Does anyone have any idea what went wrong?
Thanks!
-k
Are you creating two separate packages for users and ACLS?
Yes, I am.
Why dont you use acl package for both user and acl migration?
The approach I followed was quite simple:
I almost did the same thing as you did. With an exception that the "Package ACL handling" is "overwrite". Also another question, do we have to put all the users in the "Principle names"? I wonder what if we have a few hundred or even thousands?
If you are going to migrate the users/groups using ACLS then you will have to put those users/groups under "Principle names". If you have a large number of users, those users must be part of a few groups. You can provide these groups name instead of users under "Principle name".
Anyway in your case you have already migrated the users as per the adobe document, right? Unselect "Include principles" and try getting the acls of couple of users. If this doesn't work there might be some issue with acs commons version you are using which we can look into further.
@JeevanRaj thanks for all your help!