User Groups to Security Groups Migration - FAQs

FAQs

• How do we determine if we should migrate to Security Groups or convert the User Groups to permission sets?
  
  Each method has its advantages, but it depends on your current configuration if you can or cannot use the permission sets option.
  
  To determine that, in Sparkrock 365, navigate to User Groups Application Areas and check if you have any records listed with a few checkboxes enabled like below:
  
  If this is the case you will need to migrate to Security Groups to continue using this feature.
  
  Please note you may have some records with a completely blank configuration or no checkboxes enabled:
  If all the entries are blank like in the example above, that means the Application Areas functionality is not being used.
  
  The next menu to check will be User Groups, where we want to verify if the "Apply Reports To Filter" checkboxes are turned on for at least one group.
  
  To continue using this filters we will need to migrate to Security Groups.
  
  If all the checkboxes are blank here as well as under User Groups Application Areas, then the convert to permission sets option can be used.
  
  
  
• What are the advantages of each option?
  
  The main advantage of Security Groups is that IT can handle all the 365 permissions in a centralized manner, without even accessing Sparkrock 365. They will create the user, assign the corresponding Security Group and license, and the employee will be able to log in to Sparkrock.
  
  On the other hand, converting to permission sets does not require any new setup from IT side or in Sparkrock 365, the workflow will continue to be the same as before the update, with the only difference that instead of assigning User Groups to the users, you will assign Grouped Permission Sets instead. IT will create the user in the 365 Admin Center, assign them a license and then in Sparkrock 365, they would synchronize the Users and assign it a permission set.
  
  The permission sets may be easier to organize if you have multiple live companies in Sparkrock 365, further notes on this under the following question.
  
  Please note, with both options you will still need to create the corresponding mySparkrock User and User Setup in Sparkrock 365 for them to have all the required functionalities.
  
  
  
• We have two live companies in Sparkrock, company A and company B. If we update one, will it update the other? Or will we need to apply the migration changes per company?
  
  A quick clarification before we answer this one:
  In Sparkrock 365 or Business Central we talk about Environments and Companies. Companies reside within environments, which are categorized as either Production (for live data) or Sandbox (for testing and development). You can have multiple companies within an environment, and switching between them is possible via the company switcher pane. More information about this topic can be found in this great external article: Mastering Business Central: Navigating Tenants, Environments, Companies, Countries, and Licenses with Ease - Companial
  
  Coming back to the migration topic, the User Groups table is an environment level table, which means any changes would apply to all the companies in the environment. If you run the migration tool on Company A, the Company B will also be impacted.
  
  With that being said, an important change with this migration is that you can no longer filter the Groups based on company per user. As an example:
  
  Some users under the User Group MANAGERS should only have access to Company A and some others should only have access to Company B. With User Groups, you were able to accomodate this situation with just one group, as you could configure the Company based on each User. With Security Groups that is no longer an option, and the solution would be to have two different Security Groups, one called MANAGERS - COMPANY A and another one called MANAGERS - COMPANY B, each with the Company filters on their Permission Sets.
  
  If you have more than two LIVE companies and a similar situation, then the Convert to Permission Sets option may be more convenient as you can define which company the user should have access to with each permission set assigned.
  
  
  
• If we run the migration tool, will it update all of our Sparkrock environments including the Sandbox?
  
  The migration tool will only affect the companies in the environment you are running it, which means that you can safely run it first in a Sandbox Environment. If you don't have one, you can ask your IT to create it through the Business Central Admin Center.
  
  
  
• When is the migration date scheduled to happen?
  
  To get an specific date please reach out to your CSM but we are aiming at the last week of March, so please ensure you run the migration tool by March 21st.
  
  
• More questions:
  
  Feel free to create a support ticket to have a Support Specialist help you answering any other questions you may have.