Migrating existing users and roles to a new CollectionSpace system

This document describes how to migrate existing users and roles to a new CollectionSpace system.

In CollectionSpace, data related to:

• Authentication (identifying users who can access the system); and

• Authorization (assigning roles to those users, and, in turn, granting various permissions within the system to those roles)

is stored in tables in a cspace database.

The data in that database can be imported when you upgrade to a newer version of CollectionSpace, so that you can bring along your existing users, roles, and permissions when you migrate to the newer system.

If you have a significantly older CollectionSpace system, running version 3.2 or earlier, however, you'll need to first run a SQL script to perform a slight cleanup of your older data:

• To reflect a subsequent change to one administrative role: role 0 is now associated with an 'ALL_TENANTS_MANAGER' role with relatively specialized privileges, replacing a legacy 'ADMINISTRATOR' role that formerly had superuser privileges.  (This change was made in version 3.2.)

• To add a single column to one table: there is now a 'disabled' column in the 'tenants' table.  (This change was made in version 3.2.1.)

In both cases, you can find step-by-step instructions on migrating your users, roles, and permissions in the comments at the top of that 'cleanup' SQL script:

clear_role_0_admin.sql

Carrying out Step 6 in those instructions - running the 'cleanup' script - is only necessary if you have an older system whose data predates one or both of the two changes listed above. (Those instructions also can help you identify whether you have such an older system.) However, if you accidentally run the 'cleanup' script against a newer cspace database, that shouldn't be a problem: the script is designed to handle that gracefully, as well.