Frequently Asked Questions (FAQ) - Permissions Converter
The Permissions Converter is a tool used to migrate existing Permissions and Permission Sets from an Okapi Folio to a Eureka Folio (Capabilities and Roles).
π General Questions
Q1: What is the goal of this tool?
A: To preserve as much as possible of the existing Permission Sets and their structure - while preserving user privileges - when migrating from an Okapi-based to Folio version to a Eureka-based one.
Q2: Why is this migration necessary?
A: In transitioning to a Eureka-based platform, Folio strengthens authorization and authorization. This includes moving away from the nested Permission Set model to a flat Roles model.
π Technical Questions
Q3: What does βflatteningβ mean in this context?
A: With Okapi, it was possible to compose Permission Sets by including ("nesting") other Permission Sets with no limit on the depth to which they were included. With Eureka, Roles cannot be nested resulting in a "flat" structure rather than an opaque hierarchy.
Q4: What are Eureka Capabilities and Roles?
A: Capabilities represent system defined privileges which may be assigned to users. They are derived from each module's definition of permissions, the actions they represent and the resources they target. Roles are admin user defined groupings of Capabilities which allow for easy assignment and management of Capabilities to users. Roles are flexible and may be tailored to model the structures of each institution.
Q5: What are these cryptic numeric roles created by the tool?
A: During migration, system-generated roles are created as part of the flattening process and to ensure that user privileges are maintained. These system-generated roles - recognizable by their UUID names - are then refactored by this tool and their Capabilities are re-mapped to the Roles which have been created from the existing Permission Sets.
π οΈ Implementation Questions
Q6: What are the key steps in the migration process?
A:
Permission Sets are flattened: the Permissions they contain - at any level of nesting - are interpreted and corresponding Capabilities are derived and placed in temporary system generated Roles.
Individual Roles are created for each existing Permission Sets, preserving the original name.
Capabilities are moved from the temporary system-generated Roles into the appropriate named Roles according to the tool's algorithms.
User are assigned the appropriate new Roles so as to preserve their existing access.
Administrators may then adjust the resulting set of Roles and their assignments within Folio.
Q7: Where can I preview Eureka's Roles and Capabilities?
A: The Sunflower BugFest is on Eureka and provides Roles and Capabilities.
Q8: How is the output of the tool validated?
A: The tool produces an extensive Excel report which details the state of Okapi based Permissions and Permission Sets and their corresponding Eureka-based Roles and Capabilities.
π Analysis & Reporting Questions
Q9: How can I preview the results of this tool?
A: Upgrading from Okapi Folio to Eureka Folio requires migrating to a freshly created Eureka Folio deployment The new post-migration Eureka Folio can serve as a preview environment until it is promoted..
Q10: Can multiple users share the same role?
A: Yes, of course. That is the very reason why Roles exist!
Q11: What are this tool's algorithms?
A: The first responsibility of the tool is to ensure that all users have Capabilities that maintain equivalent privilege levels after migration to Eureka Folio. The next responsibility of the tool is to preserve all existing Permission Sets with Roles having the same names. The tool's algorithms are used to create the new Roles and populate them with the appropriate combination of Capabilities. Finally, users are assigned Roles that deliver the necessary Capabilities to ensure preservation of their existing access.
π Resources & Support
Q12: Where can I find documentation and code?
A:
Jira Ticket - UXPROD-5384
Permission Set Converter (Google Doc)