What is Permissions Mapping?

Explanation of Permissions Mapping

  • An optional component.
  • Licensed in 2500 user increments.
  • Currently not available for Alfresco via CMIS however we can develop that function via the native Alfresco API (requires assessment) at an additional cost if required.** 
  • This is not a standard feature and SkySync does not perform this operation by default.
  • Note that systems like SharePoint, Alfresco and NFS permissions are ACL-based, whereas most clouds storage Services are “waterfall” based. Since these systems differ on how permissions are managed (please refer to the graph below), SkySync will attempt to migrate as many as it can. If it can’t move one, it will log it and notify the system administrator who will then need to set it manually.

When implementing Permissions Mapping, the users and/or groups on the destination platform must be created manually ahead of time as SkySync does not provision those entities.  Then, using the tools in SkySync, a mapping must be established between the groups and users on the source side (ex. from AD) to the destination side (ex. Box side).  The defaults allow for searching by name or ID, so if they are identical, SkySync will link them up automatically.  If they are not, SkySync provides the tools to map the exceptions or import lists from csv.
SkySync will translate the permission intentions to match the platforms (ex.  Read on disk -> Viewer on Box, Full Control on disk -> Co-Owner in Box).  SkySync utilizes the various storage platforms API’s to search/map the groups and sets sharing on folders and files during the migration.  Where SkySync cannot move a permission (user account not found, waterfall permission/disinheritance not allowed, etc.) it will raise a warning to the admins.  Also, SkySync's pre-sync analyzer tool will show what users/groups are involved and which items could not be mapped prior to starting any transfer.
We recommend provisioning the Storage platform with the same users and groups that you would like to move permissions on, either manually or via other tools (Okta with AD integration ,etc.).  The closer the two sources are, the more simple the mapping process.  Then establish the mapping in SkySync as part of the job.  Enabling the “Permissions Migration” feature on the job will then take care of the rest of the mapping automatically.

Permissions Cross-Platform Equivalency

The following table details the various permissions that SkySync can map between a Network File System and Cloud providers:


Please contact Portal Architects Support for assistance with this article.

Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk