Standard job: you select files or, in some cases, multiple accounts from the source for transfer. In a standard job, these files or accounts will all go to a single location on the target: a single main folder (if you have configured a folder in the job) in a single account. In the case where multiple accounts are selected on the source, each account will be transferred to its own subfolder, labelled with account name, on the target.
User mapping job: accounts for users on the source each are mapped to corresponding peer accounts on the target. The files from each account on the source are then transferred to a designated account on the target. So you have many accounts on the source that are moved to many accounts on the target.
Permission mapping job: a permission mapping job has all of the elements of a user mapping job, PLUS folders are shared on the target. You can choose to transfer shares from the source to the target, or you can apply completely new or different shares to the target. Note that application of shares may be subject to the limitations of the target service provider.
Owner-Based Mapping: In Owner-based mapping, CFP will go through all the data selected for transfer and identify the owner of each file and folder. At the end of the user mapping spreadsheet generation, all file and folder owners are listed as source owners in the owner tab of the spreadsheet. When you map a given source owner to a target account, all of that source owner’s files will go to the mapped target account – regardless of where the files are located in the source data. Owner-based mapping can be a useful method for project and other team-based data on Windows-sourced jobs, where many users have pooled data in various folders. It is also the preferred method for cloud service sources such as Box and Dropbox, where the data space and data ownership are organized by accounts rather than having a shared common space for data.
Path-Based Mapping: In Path-based mapping, CFP disregards who owns the files in a given folder. The entire contents of a given folder, including all of the subdirectory structure, are transferred to an account that you specify. This is very popular for transferring user directories, which may have scattered files from the admin who set up the original directories or other random files that are owned by other users.
On Windows, ownership of a file is generally assigned to the user who was logged in at the time that the file was created. To find out who owns a given file, right click on the file, go to Properties > Security tab > Advanced > Owner.
If you have selected owner-based mapping: the paths tab of the spreadsheet you download from CFP lists the folders that are currently shared on the source in the paths tab – not the folders tagged for transfer. If none of the folders are shared on the source, they won’t appear in the paths tab.
If you have selected path-based mapping: the paths tab of the spreadsheet will list all of the top-level folders in your job.
The Source File/Directory in the CFP job configuration is where you select the folders and files for transfer. If you want to add folders to be shared on the target, you may add them to the paths tab. Contact Tervela support for information on how to set this up.
To get an idea of how big your job will be, what will transfer, and which accounts various items will go to, run a simulation after you have configured and loaded your map spreadsheet.
BUILTIN\Administrators is an administrative user group in the Windows operating system that frequently ends up being the one who sets up user accounts. BUILTIN\Administrators will only appear in your spreadsheet if that group owns or shares some of the data you selected for transfer – and it may still own user folders from when the users’ accounts were first provisioned. Like everything else in account mapping, if CFP finds an owner on the source, you will need to direct which account that data will go to on the target – and BUILTIN\Administrators is no exception. So no, under most circumstances, you should not delete it. Here’s what you do:
- Look at the Groups tab and find ‘BUILTIN\Administrators.’ The adjacent Information column will tell you whether BUILTIN\Administrators is an owner of some of the data, a sharer of the data, or both.
- If it is an owner of data (most common scenario), map it to a desired admin account (e.g., firstname.lastname@example.org) on the target in the Target Owner field of the Groups tab.
- If it is a sharer of data, map it to a group on the target (e.g., ‘Admins’) in the Target Group field.
- If it is both an owner and sharer, fill out both the Target Group and Target Owner fields.
- If you are doing Path-based mapping, the directives for your folders in the Paths tab will be followed, and the only time that the BUILTIN\Administrators mapping will kick in is as a fallback for when there is no directive on the Paths tab. This can happen if a folder is missing from or misspelled in the Paths tab. Otherwise, if you have a folder in the Paths tab that is owned by BUILTIN\Administrators, it will still go to the account that you specify in the Target Owner field of the Paths tab.
Even though you have a folder where the folder name is ‘username,’ the owner of some or all of the files in that folder may be BUILTIN\Administrators. Folder name, folder owner and file owner are three completely separate entities in Windows, and the default for CFP is to assign files and folders to target accounts based on who owns them on the source. This means that you can have a folder called ‘joe.smith,’ but that does not guarantee that email@example.com is the owner of all of the files in that folder. Any files and folders that are owned by BUILTIN\Administrators, for example, will be sent to the target account for BUILTIN\Administrators. If you want the full contents of the username folder to go to a single firstname.lastname@example.org account, see path-based mapping instructions. Running a simulation before you do the actual data transfer job can be very useful in understanding exactly where your data will end up on the target.
Many service providers use waterfall permissions. In waterfall permissions, files and folders further down the directory tree can have more permissions than (or the same permissions as) the parent folder, but they cannot have fewer permissions. If a file or folder does have fewer permissions than a parent, upon transfer, it will inherit all permissions from the parent folders in which it resides, meaning more people will have access to that subfolder on the target. This can create a security breach for confidential information, so CFP will mark the affected data as a “skip.” If you want to transfer the data tagged as a ‘skip,’ please do the following:
For files, simply delete the row of the spreadsheet where the file is listed. Most service providers do not share files; they only share the folders in which the files reside.
For folders, delete the ‘Yes’ for the affected folder from the ‘Skip?’ column. Adjust the sharing so that a conflict with upstream directories is resolved.
You will also see skips listed on a spreadsheet if you are going from a platform that supports nested sharing to one that does not.
Open the accounts chooser and wait for all of your accounts to load. In very large accounts, this process can take a few minutes. Click the Export button to start a download of all of your accounts. Rename the downloaded file so it has a .csv extension and save it as the master file for all your accounts. Edit a copy of this file if desired to just restrict your job to a select set of users. You can then import that file into other jobs using the Import button. So once you have that master set of users in a .csv, you no longer have to wait for the Accounts chooser to load.
CFP generates a list of target users that it found at the time of map generation, and stores them to the database for validation. Those target users also appear at the bottom of the Users tab of your spreadsheet in Column B. These are the only valid target users for the job. If you add users to your target account after the map generated, CFP will not know about them. A quick fix to this issue is to run a Rescan Target Accounts/Groups scan, which will only scan for new target users. Once that scan is complete, you can upload your existing edited spreadsheet and it will validate. You don’t have to download the regenerated spreadsheet and repeat your edits; the important thing is that the new target users have been saved to the CFP database, and that’s what drives the validation.
A distribution list is a list of emails, and will often appear as external as it is not a real internal user and with an ID. CFP can only see it as an email address and share it according to whatever the map specifies. It will not know this is a distriubiton list.
So if there is an email “email@example.com”, and that email is, for example, a Contribute set in the column, then it will make “firstname.lastname@example.org” a Contribute sharee on the target.
From there, what happens is based on each recipient on the distribution list. If a recipient is a user who happens to have access (directly or inherited), then they will have access. If the recipient is a member of a group who has access, then they will have access by virtue of their group membership. If they do not have access then they won’t be able to see or modify the file/folder.
To ensure that sharing is migrated please follow the steps below:
- obtain a list of who is on the distribution list (users and/or groups)
- In the generated permissions map, in the paths tab, replace the distribution list email with the users and groups in the appropriate columns (you can even do find and replace)
- That would effectively bypass the distribution list. It would pretend that instead of the list it was just the users on the list.