Role-Based Access Control (RBAC) is a new feature in Tachyon platform 5.0 to enable administrators to control which Tachyon applications, tasks and data are accessible to specific users. This page outlines the roles associated with using and managing Application Migration and how they are configured.

Application Migration does not have any granular role-based access within the application yet, but the Application Migration Administrator role must be assigned to Application Migration users to enable them to use the elements of the Tachyon platform that Application Migration uses. Other platform roles will be required in order to complete some post-installation setup and ongoing management of the platform necessary for Application Migration to function but not considered part of the day-to-day operation of an Application Migration administrator.

If you upgraded SLA Platform 3.3 to Tachyon 5.0, all previously defined users will be present in Tachyon, but will not be assigned any security roles. You will need to assign the appropriate roles after upgrading the platform.

On this page:

Application Migration roles


Platform Administrators

Application Migration is a Tachyon platform application and has a dependency on certain platform components, such as Users, Connectors and optionally Management Groups, Tasks associated with these components would typically be performed by a platform administrator (a user with the Global Administrator role). In smaller organizations, or ogranizations only using the Tachyon platform for Application Migration, it is likely that the same one or two people will be responsible for managing all aspects of the platform as well as managing Application Migration. In this scenario it is likely that those users would be assigned the Global Administrator role in the Tachyon platform. Other organizations may be using several Tachyon platform applications and may want to restrict the number of users that have the Global Administrator role. The following Tachyon security roles will be required as a minimum to complete the tasks outlined in Getting started with Application Migration.

  • Permissions Administrator

  • Inventory Administrator 

  • Connector Administrator

  • Schedule Administrator 

  • Management Group Administrator

  • Application Migration Administrator

Refer to Tachyon 5.0 - Users page for details on how to add users and assign security roles in the Tachyon platform.

Application Migration Administrators

In order to use Application Migration, users must be added and assigned the Application Migration Administrator role in the Tachyon platform. The Application Migration Administrator role is added to Tachyon platform when Application Migration is installed, so you will need to install Application Migration first, then add users and assign them to the Application Migration Administrator role as required. The table below details the permissions assigned to the Application Migration Administrator role:

Name

Type

Permissions

Connector

Connector

Execute.

Process log

Process log

Read.

Repository: Inventory

Repository: Inventory

Read, Write, EvaluateManagementGroups, Populate.

Inventory

Inventory

Read.

Inventory: Association

Inventory: Association

Read, Write, Delete.

Repository: Application migration

Repository: Application migration

Read, Write, Delete, Archive, Populate.

Account used by Application Migration Task Sequence step 

The Application Migration Task Sequence step requires user credentials to connect to Application Migration during Task Sequence execution. The Application Migration Task Sequence step can use either a dedicated user account or the Configuration Manager Network Access Account to connect to Application Migration. In either case, the account must be added as a Tachyon user, but it does not require any specific roles to be assigned.