Some of you already have migrated exiting apps to Axon Ivy 10. There we made fundamental architectural improvements how you can split your projects in multiple applications and run them in the same security context. Learn more about this here:
You may have read, that you only need one security context. And one is already pre-installed in all Axon Ivy Engines. This one is called default
. But when you migrate from an older Axon Ivy Engine, we will create a new security context for every existing application. This is done, to be as much as possible backward compatible. If you now only have one application you may want to run your application in the default security context.
At the moment it is not possible to move one application to another context. Therefore you need to execute some specific SQL on the database.
Pre-Requirements
- FIRST OF ALL. Make a backup of your system!
- This only works:
-- If your default security context is not already in use. Which means it is empty!
-- You can not merge two applications into the default security context with this script! There needs to be done more.
1) Prepare
First of all, shutdown your running Axon Ivy Engine and make a backup of your system database!
2) Inspect
Let's check all available security systems:
SELECT * FROM IWA_SecuritySystem;
+------------------+---------+----------------------+
| SecuritySystemId | Name | SecurityDescriptorId |
+------------------+---------+----------------------+
| 0 | system | 1 |
| 1 | default | 3 |
| 10 | myApp | 2 |
+------------------+---------+----------------------+
You will need to know the SecuritySystemId
of your security system you want to migrate. And also keep the SecurityDescriptorId
of the default
security system and your security system.
P.S: The SecuritySystemId
of the default
security system is always 1
.
3) Migrate
This script has been tested on MySQL. But I'm pretty sure, that this should run on all other database management systems.
-- Execute with CAUTION! Make a backup first!
-- PART 1:
-- We assign all data to the default security system!
-- Delete role 'Everybody' of security system 'default', so that role 'Everybody' of your security system can be migrated
-- Delete user 'system' of security system 'default', so that user 'system' of your security system can be migrated
-- Delete languages for of security system 'default', so that all languages can be migrated
-- You need to replace: SecuritySystemId = 10 --> with the id of your security system
UPDATE IWA_Application SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
UPDATE IWA_SecurityMember SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
UPDATE IWA_Case SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
UPDATE IWA_Task SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
UPDATE IWA_WorkflowEvent SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
UPDATE IWA_IntermediateEvent SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
UPDATE IWA_SignalEvent SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
UPDATE IWA_BusinessData SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
DELETE FROM IWA_Role WHERE SecuritySystemId = 1 AND Name = 'Everybody';
UPDATE IWA_Role SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
DELETE FROM IWA_User WHERE SecuritySystemId = 1 AND Name = 'system';
UPDATE IWA_User SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
DELETE FROM IWA_Language WHERE SecuritySystemId = 1;
UPDATE IWA_Language SET SecuritySystemId = 1 WHERE SecuritySystemId = 10;
-- PART 2:
-- We change the security descriptor of the 'default' security system with your current security descriptor.
-- And we delete the old security descriptor.
-- You need to replace: SET SecurityDescriptorId = 2 --> with the id of your current security descriptor
UPDATE IWA_SecuritySystem SET SecurityDescriptorId = 2 WHERE SecuritySystemId = 1;
-- You need to replace: SET SSecurityDescriptorId = 3 --> with the id of the default security system before.
DELETE FROM IWA_SecurityDescriptor WHERE SecurityDescriptorId = 3;
-- PART 3:
-- Delete the old security system
-- You need to replace: SecuritySystemId = 10 --> with the id of your security system
DELETE FROM IWA_SecuritySystem WHERE SecuritySystemId = 10;
4) ivy.yaml
You may have configured your security system in ivy.yaml
. Now you need to move those configurations to the default
security system, e.g:
Before:
SecuritySystems:
test-license-order:
Language:
Content: de
Formatting: de_CH
After:
SecuritySystems:
default:
Language:
Content: de
Formatting: de_CH
5) Start
Now you can start your Engine Axon Ivy and check if your users can sign-in. As administrator you can go to the Engine Cockpit and have a look if your security system is gone and all users and roles should appear in the 'default' default security.