Hi Community!
as there is no out-of-the-box way of deploying permissions from one system to another, I'm currently trying to achieve this via SQL.
I'm able to add a static SQL script to the package and it will be executed fine on the target system. My problem is that the content of the SQL script is not static. I have to execute an SQL script in the source system to get all the information about the current permission setup and then use these results to build the update/insert statements for the target system.
Did anyone try to accompish this before?
Thanks for any hints!
Like
Dear Robert,
Organization Roles can be transferred only by SQL scripts. Functional roles are transferred by binding data of the System administration object. The rights to existing records should be transferred via scripts as well. To distribute rights to new records you can either set up a business process or configure object permission directly on the production environment.
Best regards,
Angela
Angela Reyes writes:
Dear Robert,
Organization Roles can be transferred only by SQL scripts. Functional roles are transferred by binding data of the System administration object. The rights to existing records should be transferred via scripts as well. To distribute rights to new records you can either set up a business process or configure object permission directly on the production environment.
Best regards,
Angela
Thanks Angela!
But the question is how can I transfer the definition of the permissions, without rewriting the SQL script over and over again?
Is the following procedure the only way?
- Select the current permissions manually with SQL
the tables are:- SysEntitySchemaOperationRight for object permissions
- SysEntitySchemaRecordDefRight for record permissions
- SysEntitySchemaColumnRight for column permissions
- transform the result to and insert/update statement
- save those scripts in the package SQL section
- export/import package
And do I have to/am I allowed to truncate those 3 tables first?
Is there a stored procedure that applies the new permissions on the target systems' records?
Thanks a lot and best regards
Robert Pordes,
Your description is almost correct. Please see all steps:
1. Create scrip for update/ insert records from SysAdminUnit table to use these records in the next steps
2. Select the current permissions manually from SQL the tables:
2.1 SysEntitySchemaOperationRight for object permissions
2.2 SysEntitySchemaRecordDefRight for record permissions
2.3 SysEntitySchemaColumnRight for column permissions
2.4 Also there are tables like Sys{ObjectName}Right (e.g. SysAccountRight) in which record rights are stored, so you should create script for each object.
3. Transform the result to and insert/update statement
4. save those scripts in the package SQL section
5. export/import package
Best regards,
Angela
Hi Angela,
thanks, but aren't the tables Sys{ObjectName}Right storing the applied rights (they will be populated by clicking "update record permissions", correct?). If I create scripts on eg DEV system, the data will not be the same! I mean we will definitely have different eg. account and contact records on dev/test/prod system.
That's exactly why I asked this in my previous post:
Is there a stored procedure that applies the new permissions on the target systems' records?
Thanks,
Robert
Robert Pordes,
There is no stored procedure. This is why I suggested workarounds like
binding data and business processes.
Best regards,
Angela