Permissions propagation, permission preservation policy

This feature allows the source permissions for folders and files to be transferred to the destination during job execution. 

Related:

Permission Options

Preservation Policy

Permission preservation policy determines how you want permissions to be applied with your job execution(s). There are 3 options available:

  • Disable Preserve item Permissions | none - No permissions will be passed from source to destination (this is the default)
  • Add Permissions | add - Current permissions existing on impending transfers (on files or folders) will be preserved as they are transferred on both the source and the destination (recommended setting)
  • Prefer the permissions on Source | diff - Reconciled permissions, which will remove permissions from the destination if they do not match the source. This will keep things in sync in the event that the destination folder levels more permission than the source. This is a good option for sync jobs that are constantly moving back and forth to keep everything as intended

Failure Policy

Permission failure policy determines what should happen with your job execution(s) should it encounter failures. There are 4 options available:

  • Do not Transfer the item - Platform exceptions only | exceptions - Halt transfer of item (e.g. a folder's children) when there are platform exceptions while transferring permissions to the destination (this is the default)
  • Do not Transfer the item - Disinheritance only | deny - Halt transfer of item when any deny or disinheritance permissions fail to transfer to the destination
  • Rest API only | all - Includes both "exceptions" and "deny" policies
  • Transfer the item | none - Do not halt transfer of item on permission failures (recommended setting if you want to ensure content will transfer even if permissions are not applied due to warnings or failures)

DataHub will re-evaluate permissions every time the content changes or a permissions reset is performed. This is applicable for both copy and synchronize job types

  • For example, if a new permission is added to a file but no other changes occur, DataHub will not apply this permission on subsequent runs. A permission reset will need to be performed

See Permissions import

Example JSON - DataHub API

{
  "name":"Permission_Prop",
  "kind": "transfer",
  "transfer": {
    "audit_level": "trace",
    "transfer_type": "copy",
    "permissions": {
      "policy": "add",
      "failures": "exceptions",
      "import": {
        "source": {
          "text": {
            ["delimiter"]: ",", //optional, defaults to comma
            "target": {
              "path": "/skysync_permissions.csv"
            }
          }
        },
        "output": {
          "format": "text"
        }
      }
    },
    "source": {
      "connection": {
        "id": "{{nfs_connection}}"
      },
      "target": {
        "path":"/"
      }
    },
    "destination": {
      "connection": {
        "id": "{{cloud_connection}}"
      },
      "target": {
        "path": "/proptest1"
      }
    }
  },
  "schedule": {
    "mode": "manual"
  }
}

Related:

Legacy Setting

You can still use "permissions": "add" or "permissions": {...} and "permissions_import": { ... } separately if you do not want to specify a failure policy or want to set import and policy separately. They will, however, be returned together under "permissions" when getting the transfer job details (e.g. fields=all or fields=transfer.permissions)

{
  "name":"Permission_Prop",
  "kind": "transfer",
  "transfer": {
    "audit_level": "trace",
    "transfer_type": "copy",
    "permissions": "add",
    "permissions_import": {
      "source": {
        "text": {
          ["delimiter"]: ",", //optional, defaults to comma
          "target": {
            "path": "/skysync_permissions.csv"
          }
        }
      },
      "output": {
        "format": "text"
      }
    },
    "source": {
      "connection": {
        "id": "{{nfs_connection}}"
      },
      "target": {
        "path":"/"
      }
    },
    "destination": {
      "connection": {
        "id": "{{cloud_connection}}"
      },
      "target": {
        "path": "/proptest1"
      }
    }
  },
  "schedule": {
    "mode": "manual"
  }
}

Related Links