EM Server : from 5.7 to 5.8, roles initialization

Hello,

How are you managing roles on a 5.7 platform upgraded to 5.8 ? It seems that a Default role is assigned to everyone by default inside a workspace. But what if a lot of different privileges had been assigned to users, depending on the space ?

Does it mean we have to do screenshots of all existing privileges inside spaces, then see what roles to create, then assign them for each space ?

The roles are not Server-wide. They are configured individually for each space. For instance, the Default role in space A can have a different configuration than the Default role in space B. In other words, the Default role in space A has no relation to the Default role in space B despite having a similar name.

In versions prior to 5.8, there was only one configuration of user permissions in each space (configured in the space settings). When migrating to v5.8 or later, this configuration becomes the Default role in the respective space. Therefore, no action is required - the existing permissions will work as is, but now you have a much more flexible permission management system that allows multiple roles in a space, assigned to various users and AD groups.

Other space settings are migrated as follows:

• If a space had Anonymous access enabled before 5.8, then the Anonymous role becomes enabled in 5.8 and is added to all users and groups in that space, typically in addition to the Default role. Note that the permissions of the Anonymous role can be edited.
• If a space had password authentication enabled before 5.8, then a special system Legacy account is created in 5.8 with the Default role (it can be changed as well).
• All AD groups are migrated without any changes and receive the Default role.
• The Creator role in Catalog is no longer defined by a dynamic license assigned to a user. Instead, an equivalent Creator role is created automatically and assigned to each user who has a Professional license assigned. It also means that the number of Creators is no longer limited by the number of Professional licenses assigned to users.

All in all, our intention was to ensure that there would be no change in user permissions after the migration - it all should work as it was before migration. No need to re-create roles or manage them somehow else. No matter if you had Anonymous, Password, or AD authentications configured - all configurations are migrated seamlessly without loss of functionality or unexpected change of permissions for the users.

Permissions for admins have changed, though, but that's another story (described in the Release Notes).

Thank you. Ok I was probably mistaken. This initialization of roles seems very good !