Best Practices

When using Export/Import to migrate Access Control models between environments, aPriori recommends observing the following guidelines.

• Whenever performing operations that will overwrite existing data, make sure to back up your data first.

• When making modifications and additions to your Access Control configuration, do so in a development & test environment, and deploy it to your production system only after extensive testing. Once the configuration is fully tested, you can migrate the Access Control configuration to the production system.

• When using a development & test system to modify your Access Control configuration, be sure to first export the Access Control configuration of your production environment and import it into your development &test environment. Using the same configuration data in all environments ensures that:

• All environments will operate on the same baseline set of Access Control configurations as a starting point.

• Any test configuration or access control items in a test or development environment will be removed, preventing those items from being migrated inadvertently to the production system.

• When importing an Access Control configuration to a production system, make sure to do it during planned downtime when end users are not accessing the production environment. Security issues could arise if an end user is using aPriori while an Access Control configuration is being imported.

The following example shows the migration of an updated Access Control configuration from a customer test (QA) environment to their production systems:

1 Ensure that the test environment includes all the users from the production environment. (You can do this from scratch, or by creating a spreadsheet and importing it, or by importing from LDAP if you have an LDAP environment. See the User and LDAP management sections of "Chapter 2 System Administrator for more information.)

2 Export the Access Control Objects from the production system.

3 Export the User-Group Associations from the production system.

4 If your QA system contains data that you wish to retain, back it up.

5 Import the Access Control Objects into the QA system.

6 Implement and test changes on the QA system.

7 [Optional] Modify the User-Group Association export file from Step 2 to account for any Group hierarchy changes. (You can edit this file directly.)

8 Export Access Control Objects from the QA system.

9 Back up the production system.

10 Import the Access Control Objects artifact from the QA system into the production system.

11 [Optional] If you modified the User-Group Association artifact in Step 6, also import it into the production system.