The ultimate goal is that CFP must have a complete and unambiguous directive on where you want your data to go on the target, but it also provides you with an extensive library of directives to send your data to the target in flexible configurations and sharing relationships.
CFP by default uses the owner of a file or folder on the source to suggest the owner on the target. This is a good option if you are migrating Windows home directories and you wish to use a part of the source path to determine the target owner. As with all the CFP instructions in the map, you can adjust these defaults to fit your specific needs.
What is the difference between a user mapping job and a permissions mapping job?
User mapping job: accounts for users on the source each are mapped to corresponding peer accounts on the target. The files from each account on the source are then transferred to a designated account on the target. So you have many accounts on the source that are moved to many accounts on the target.
Permission mapping job: a permission mapping job has all the elements of a user mapping job, PLUS folders and, in some cases files, are shared on the target. You can choose to transfer shares from the source to the target, or you can apply completely new or different shares to the target. Note that application of shares may be subject to the limitations of the target service provider.
Determining Target File/Directory Ownership:
Account mapping jobs that have a Windows source will display two options on the Accounts and Files page:
- Use the name of a directory on the source system (also called Path based mapping)
- Use the file owner from the source system
Use the name of a directory on the source system: Select this option if you are migrating Windows home directories.
- CFP disregards who owns the files in a given folder. The entire contents of a given folder, including all the subdirectory structure, are transferred to an account that you specify. This is very popular for transferring user directories, which may have scattered files from the admin who set up the original directories or other random files that are owned by other users. The paths tab of the mapping spreadsheet will list the source home directories along with auto matched users for that data. You can edit the spreadsheet to suit your unique needs, and must also complete any blank Target User listings.
Use the file owner from the source system: Select this option if you are migrating from a shared filesystem, such as Egnyte or a Windows file server.
- CFP will go through all the data selected for transfer and identify the owner of each file and folder. At the end of the user mapping spreadsheet generation, all file and folder owners are listed as source owners in the owner tab of the spreadsheet. CFP will do its best to auto match source accounts to target accounts, but some source > target accounts that are not similar in name will need to be manually entered into the generated spreadsheet. Every source owner will need to be mapped to a target owner, or skipped. If you have selected the file owner option and skip an owner of data, their data will be skipped, or not transferred. Skipped files will be reported as such in both simulation and transfer reports.
- When you map a given source owner to a target account, all of that source owner’s files will go to the mapped target account – regardless of where the files are located in the source data. Owner-based mapping can be a useful method for project and other team-based data on Windows-sourced jobs, where many users have pooled data in various folders. It is also the preferred method for cloud service sources such as Box and Dropbox, where the data space and data ownership are organized by accounts rather than having a shared common space for data.
- Be aware that the paths tab is a list of directives for sharing, redirects and data skipping. When a Windows source spreadsheet generates with the “Use the file owner…” option selected, the paths tab will only list the data that is shared. It will not list all of the data in your data set, nor will it list the owners of your data. The analysis report that is generated alongside the map during the generation run will list all files and folders and the owners of each item. These reports have extensive search utilities, so you can quickly track down items such as what data is owned by an SID user who has been deleted from the Active Directory.
Ignore Permissions – Spreadsheet-wide Settings
The following two settings will apply to both the Paths tab and Path Conflicts tab. These options are used to limit large listings on the Path Conflicts tabs where there are many Windows files whose permissions differ from their parent folder, and the target platform does not support that. They can also reduce the overall size of the Paths tab listing if you have a large directory in which permissions on one or two items at a given level differs from the rest of the items.
IGNORE PERMISSIONS ON FILES: Select Manage Permissions on Files to list files in the spreadsheet whose permissions are different from their parent folders. Select Ignore Permissions on Files to remove all file listings from the spreadsheet, and apply the most immediate parent folder’s permissions to the file:
IGNORE ACLS BELOW THIS DEPTH: Enter the number of levels of folders that you wish to list permissions on in the spreadsheet:
The currently selected directories will be level 0, the children of those directories will be level 1, and so on. For example, if you have Home/User0 and Home/User1 selected on the source, and the folder depth is 2, permissions for Home/User0/Folder1/Folder2 ACLs will be listed (remember that Home/User0 is the selected directory, so that is level 0), while Home/User0/Folder1/Folder2/Folder3 will not be listed.
NOTE: If you are using Ignore ACLs Below This Depth in conjunction with Ignore Conflicts Below this Depth, this is how it works: Ignore ACLs Below this Depth is the macro setting. It will ignore all permissions – conflicts or otherwise – for the entire spreadsheet beyond the depth you specify. What you can do is specify a depth of, say, 6 for the Ignore ACLs Below this Depth setting, and then specify a depth of 3 for the Ignore Conflicts setting to further limit the folder depth on the Path Conflicts tab. That will result in a max of 6 folder levels on the Paths tab, and a max of 3 folder levels on the Path Conflicts tab. If you just leave the Ignore Conflicts setting blank, it will inherit the value in the Ignore ACLs field.
Ignore Permissions – Conflicts
The following settings will only apply to the Path Conflicts tab.
IGNORE PERMISSIONS CONFLICTS ON FILES: In the Settings page of the mapping job, select Ignore Permissions Conflicts on Files from the Ignore Permissions Conflicts on Files radio button group:
This will eliminate files from the Conflict Paths tab.
This feature is only supported for platforms where:
- Waterfall permissions are followed for the target platform. The Ignore Permissions Conflicts setting will not be applied, and files will still be listed in the spreadsheet, for target platforms that support restricted permissions.
- The file has additional permissions, but file sharing is not supported on the target.
Also keep in mind:
- Target adapters that will honor the Ignore Permissions setting and not list files in the spreadsheet with reduced permissions include Box, Dropbox, Egnyte, and ShareFile. Dropbox will still list files with permissions if the shared files are not nested, as file sharing is supported via the Dropbox API.
- For Dropbox targets, conflicts due to nested sharing will be listed in the Path Conflicts tab of the spreadsheet. If the data is going to a team folder, you will want to remove the skips set to yes so the data is transferred.
IGNORE CONFLICTS BELOW THIS DEPTH:
A folder depth of 0 will be the folder selected for transfer in the job configuration. A folder depth of 1 will be the selected folder’s immediate child, or subfolder.
For cloud service providers that conform to waterfall permissions, this will eliminate reduced permissions conflicts below the specified depth. For Dropbox, this will also eliminate nested share conflicts below the specified depth. For cloud providers such as Egnyte that support both nested and reduced permissions, this setting will have no effect.