How to handle permissions during a Documentum migration?

by Remco Steelink, on Mar 15, 2018 12:00:00 AM

A content migration from EMC Documentum to a new repository is difficult. Most of the time, your users don’t care about the effort you’ve put into it. They expect to have the same access to folders and documents as they had before. Furthermore, security officers expect that, in the new repository, users can access only the content they need to do their jobs. So an important question is: ‘How do you handle permissions when migrating out of Documentum?’


Migrating data (content and metadata) is already very complex, but migrating user and group permissions from a Documentum repository to a new repository can be even more frustrating, and it can make the migration project fail if it is not carefully thought out. Migrating permissions is difficult because the permission model in Documentum is structured differently from the model of the new repository. Let’s take an example and say your organization would like to migrate from Documentum to Box.

Whereas Documentum has permissions like read, write, delete, version and none, Box uses completely different permissions. Box also uses standard collaborator roles, such as contributor and consumer, that have certain permissions attached to them. Furthermore, content might have been restructured. For example, a file may have been moved to a folder that the user does not have access to. Simply mapping the source permissions to target permissions is therefore not enough. It needs some more work.

When migrating content and permissions out of Documentum, there are 4 main steps you should take with regard to permissions:
  1. Export the Access Control Lists (ACLs) out of Documentum using the REST API or DQL, so you can analyze which permissions are set on the Documentum objects that are to be migrated.
  2. Ask the business to review this analysis and maybe delete inactive users or change/determine ownership of content.
  3. Map the permission model of the source system to the target system model as much as possible. In most cases, an additional manual step is necessary to map the permissions.
  4. Manually determine permissions for groups (and sometimes users) based on metadata, for example content types and confidentiality of documents.
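
The sketch below is an added example, not code from the article or from Xillio. It takes an exported ACL listing and the restructured folder placement, proposes a least-privilege folder role per accessor, and lists the cases that need business review. Assumptions: the role names `consumer` and `contributor` are borrowed from the article, the `ROLE_COVERS` table is a hypothetical mapping, a folder role applies to every object in the folder, an object without an ACL entry for an accessor counts as "none", and group membership is not expanded.

```python
from collections import defaultdict

# Documentum permits named in the article, weakest to strongest.
PERMIT_RANK = {"none": 0, "read": 1, "version": 2, "write": 3, "delete": 4}
# Assumed target roles and the strongest source permit each is taken to cover.
ROLE_COVERS = [("contributor", 3), ("consumer", 1)]  # strongest first

def plan_folder_roles(acl_rows, placement, inactive=frozenset()):
    """acl_rows: (object_id, accessor, permit) exported from the source.
    placement: object_id -> target folder after restructuring.
    Returns (roles, review): roles maps (folder, accessor) to a role and
    review lists (kind, folder, accessor, object_ids) for the business."""
    in_folder = defaultdict(set)
    for obj, folder in placement.items():
        in_folder[folder].add(obj)
    ranks = defaultdict(dict)  # (folder, accessor) -> {object_id: rank}
    for obj, accessor, permit in acl_rows:
        ranks[(placement[obj], accessor)][obj] = PERMIT_RANK[permit]
    roles, review = {}, []
    for (folder, accessor), seen in sorted(ranks.items()):
        if accessor in inactive:
            review.append(("inactive", folder, accessor, sorted(seen)))
            continue
        # A folder role reaches every object in the folder, so an object
        # without an ACL entry for this accessor counts as "none".
        effective = {o: seen.get(o, 0) for o in in_folder[folder]}
        floor = min(effective.values())
        role = next((r for r, c in ROLE_COVERS if c <= floor), None)
        if role is None:
            hidden = sorted(o for o, r in effective.items() if r == 0)
            review.append(("would-expose", folder, accessor, hidden))
            continue
        roles[(folder, accessor)] = role
        covered = dict(ROLE_COVERS)[role]
        reduced = sorted(o for o, r in effective.items() if r > covered)
        if reduced:
            review.append(("reduced", folder, accessor, reduced))
    return roles, review

# Constructed sample export and placement (not real repository data).
ACL_ROWS = [("d1", "alice", "write"), ("d2", "alice", "read"),
            ("d1", "bob", "write"), ("d2", "bob", "delete"),
            ("d3", "carol", "read"),
            ("d3", "dave", "read"), ("d4", "dave", "read")]
PLACEMENT = {"d1": "/hr", "d2": "/hr", "d3": "/finance", "d4": "/finance"}

if __name__ == "__main__":
    roles, review = plan_folder_roles(ACL_ROWS, PLACEMENT, inactive={"dave"})
    print(roles)
    print(*review, sep="\n")
```

A `would-expose` finding means a folder role would give the accessor objects they could not see in the source; a `reduced` finding means the proposed role is weaker than what they had on the listed objects.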


Depending on your organization’s structure, it can be complex to transfer Documentum permissions to a new environment, especially if you choose to restructure your content. It is possible to create a mapping, but you will need a migration plan to execute this process, taking into account that the result should have as little impact as possible on the end user. A vendor with enough migration experience can help you to restructure the permission model and apply the correct permissions to your migrated content.


Migration from Documentum to Nuxeo

This video demonstrates how we export content from Documentum to Nuxeo using our migration technology.  


