9.2. Configuring User Security Mapping
Updated at: Created at:
Example: Download a User template, modify the CSV file to add user mappings and import the modified file.
Select Migration Preparation Phase> Security Information Mapping and then on the User card, select the Download Template icon. The .CSV file will be populated with user information that may need to be mapped to a suitable target.
Edit the .CSV file to add a Target type and Target value that exists in the Target. Only the Target_Type and Target_Value columns need to be edited.
Target_Type - Defines whether the entry should be mapped to a User or Group in the target. If a user UPN is external then external sharing needs to be enabled on the tenancy. Target_Type should only be Group if using SharePoint Groups.
Target_Value - UPN for the respective user or group.
NOTE: A user may appear in two rows, as both a “Display Name” and an email address as shown in the example above and both of these need to be assigned target values.
NOTE: The .CSV file is populated using values from the CreatedBy and ModifiedBy fields in the source. So additional entries may be required.
Once completed, the modified file should be imported by selecting Import icon on the User card and select the updated security mapping file.
The process for modifying Groups and Permissions is the same as for Users.
Target Content Types may contain User or Group type fields which may need to be populated during migration. The information in these mapping tables will be used to map source values to new target values for these fields using the GetMappedUser function.
Note: If an entry has no target information or the target value specified does not existing then the relevant items will fail migration. Security Mapping ‘Catch All’
After import, use the Validate User details option to check the target details are correct and review them using the Download Verified Security Mapping option.
In some scenarios, e.g. if a user has left the company, it makes no sense to map security entries for these users and often these users are not in the target system at all. However, the target platform may still require some user information to allow the items to be created and thus migrated.
Within the security mapping file a ‘Default’ value can be specified which is used for any user that does not appear at all in the User Mapping table.
Example Default User Mappings Entry
| Mapping_Type | Source_Type | Source_Value | Target_Type | Target_Value |
| User | User | Default | User | orphanusers@acme.com |
In the above case, any users with no entries in the mapping file with be assigned the specified target value. If a user entry is added but target information is blank or does not exist, the items will fail migration. So, it’s important users without a value target entry are removed from the mapping table.
If no default entry is specified, then any items without an unmapped user or group will fail with an error similar to: -
Error: Failed: Get Mapped User: Did not find Mapping for User: [acme\shelleyp]
If a user or group is mapped to a target that does not exist, the migration will fail with an error similar to: -
Error: SharePoint Error: The specified user percey.shelley@acme.com could not be found Default entries can be applied both to user and to groups.
9.2.1. Processing empty source user fields
In some cases, the User field in the source system may be blank, in that case a User entry for PVQ_BLANK will be listed in the downloaded user mapping file. The target value for this should be the UPN for an account to be used when the source user field is empty.
If an entry with a target value of PVQ_SKIP is created, then the value specified in the Default User field on the relevant source connection will be used for empty User fields.
| Mapping_Type | Source_Type | Source_Value | Target_Type | Target_Value |
| User | User | Use Default User Value | User | PVQ_SKIP |
9.2.2. Verifying User Mappings
The target address specified for users in security can be validated before actual migration using the Verify option.
Selecting this option with check each target address to ensure it is valid and report any errors.
After the check is complete, select the “Download verified security mappings” option. This will generate a report which is in the same format as the user mapping report that was imported but includes a new 'VerificationResult' column with the status of the verification of the target, (either “User found”,”User not found” or “Target not specified”). Review the report and if any entries have the “User not found” or “Target not specified” status then correct these in the mapping file or target system as appropriate, delete the existing mapping and import and verify again.
9.2.3. Sample Security Mappings
Example User Mappings
| Mapping_Type | Source_Type | Source_Value | Target_Type | Target_Value |
| User | User | EVAdmin | User | evadmin@acme.com |
| User | User | Percy Shelley | User | percy.shelley@acme.com |
| User | User | Nevil Hanson | User | n.hanson@acme.com |
Example Group Mappings
| Mapping_Type | Source_Type | Source_Value | Target_Type | Target_Value |
| Group | Group | Senior Leadership | Group | slt@acme.com |
| Group | Group | Security Team | Group | Security@acme.com |
| Group | Group | Data Protection Team | Group | dp@acme.com |
Permission Mapping
NOTE: If there is no requirement to migrate container or item level security but to migrate only CreatedBy and ModifiedBy fields, then permission mapping is not required.
Example Permission Mappings
For Mapping type permission, Mapping_Type, Source_Type and Target_Type are always the same as above, it’s only the mappings in Source_Value and Target_Value that will need to be changed.
The target values should contain the permission role. E.g. Contribute, Full Control or whatever additional roles the site administrator may have created.
Comments