
**Update as of February 2018**

Included in the release of Dropbox Team Spaces is the ability to set nested permissions in Dropbox! This means that there will no longer be any inheritance conflicts when migrating from on-premises file servers! Get in touch with us to learn more.

Your company has chosen to adopt Dropbox Business. For IT, this is great news. No need to worry about uptime, server maintenance, and unexpected costs. In addition, Dropbox also puts far less of a strain on your network than you’d think; Dropbox consumes the least amount of bandwidth while transferring large files compared to similar cloud collaboration platforms.

Your end users will undoubtedly love the move since they are likely already using Dropbox and will need minimal training. The sync client has also been rated as having the fastest sync rates of the bunch. Perhaps most importantly, the excellent collaboration and mobility benefits Dropbox brings will have a great impact on business operations.

Your users and management want to adopt Dropbox as fast as possible, and it’s IT’s job to make it happen.

The Problem:

You have been tasked with migrating a large amount of data to Dropbox. This may include migrating network file shares, Windows Servers, SharePoint deployments or other cloud systems with complicated group and individual user permissions. You may have quickly realized that the waterfall permission scheme in Dropbox does not exactly align with the permissions model of your current systems. Manually migrating nested groups, ACLs and user permissions before, during or after a migration is tedious and sometimes nearly impossible without the help of a tool and a thorough migration plan.

Because of the variations in permissions between the source and Dropbox, once the content is migrated each subdirectory will inherit the permissions and sharing configuration from its parent rather than be explicitly set at each level. So what would a possible migration of permissions look like?

Right away you’ll notice that there are more folders higher up in the directory structure. Whenever there is an inheritance issue, a new shared folder must be created at the same level of its parent where the inheritance issue occurs. To achieve this manually, groups of users must have their sharing created in the Dropbox admin UI AFTER the content and hierarchies have been created. Good luck if you’re dealing with thousands of nested folders. If there are simple permissions additions, as in A1/A1, those shares can be created without reassigning the folder up one level.

Note that there are many ways to accomplish mapping. Therefore, it is crucial to fully understand the permissions structure in Dropbox during the planning phase of a migration.
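The inheritance check described above can be run over an exported permission listing before anything is moved. The following is an added sketch, not Cloud FastPath or Dropbox code; it assumes the waterfall model as this page describes it (a subfolder inherits every grant on its parent and can only add principals), and the folder names, group names and `plan_migration` helper are constructed for illustration.

```python
from pathlib import PurePosixPath

# Constructed sample: source folder -> groups with access on the file server.
SOURCE_ACLS = {
    "Marketing": {"us-mktg", "emea-mktg"},
    "Marketing/Campaigns": {"us-mktg", "emea-mktg"},
    "Marketing/Campaigns/Agency": {"us-mktg", "emea-mktg", "agency"},
    "Marketing/Execs": {"emea-execs"},
    "Marketing/Execs/Board": {"emea-execs"},
}


def plan_migration(source_acls):
    """Classify every folder against what it would inherit at the destination.

    Assumed model: a subfolder receives every grant made on its parent and
    can only add principals, never drop them. A folder whose parent is not
    in the input is treated as a root.
    """
    plan = {}
    # Shallowest first, so a parent's decision exists before its children.
    for path in sorted(source_acls, key=lambda p: len(PurePosixPath(p).parts)):
        acl = set(source_acls[path])
        parent = str(PurePosixPath(path).parent)
        entry = {"action": "root", "grant": acl, "over_exposed": set(), "effective": acl}
        if parent in plan:
            inherited = plan[parent]["effective"]
            surplus = inherited - acl  # would gain access they lack at the source
            if surplus:
                # A restriction cannot be expressed below the parent: the folder
                # needs its own share beside the parent, with its own ACL.
                entry.update(action="conflict", over_exposed=surplus)
            elif acl == inherited:
                entry.update(action="inherit", grant=set())
            else:
                entry.update(action="add", grant=acl - inherited)
        plan[path] = entry
    return plan


def conflicts(plan):
    """Paths that must be re-homed before sharing is applied."""
    return sorted(p for p, e in plan.items() if e["action"] == "conflict")


if __name__ == "__main__":
    for path, entry in plan_migration(SOURCE_ACLS).items():
        print(f"{entry['action']:8} {path:28} grant={sorted(entry['grant'])} "
              f"over_exposed={sorted(entry['over_exposed'])}")
```

The `over_exposed` set is the audit finding: the principals who would gain access through inheritance if the folder were migrated in place.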

The Resolution:

Cloud FastPath’s tools help create and execute a complicated migration of permissions, groups and owners to Dropbox. During the planning phase, you can use the simulate feature to gain a better understanding of the current status of a permission structure before anything is transferred. This provides an excellent opportunity to audit permissions and ownership to identify where there may be mismatches, permissions errors and security threats.

From there you can easily map permissions and ownership attributes into Dropbox, and have any inheritance issues brought to your attention in the process. Aligning permissions can be achieved through one-to-one mappings of owners or by mapping entire groups. Additionally, path-based mapping provides the best approach for managing folders with inheritance issues. For instance, the above style could be created with the folders moved into admin accounts, or an entirely new permission and sharing structure can be automatically applied.

There are other important tasks that must be accomplished during the planning phase of a migration. This includes formulating a general migration strategy based on priorities, goals, technology (file servers, home drives, individual machines), location, business units and departments. Also, breaking up the migration into groups of 100–500 users at a time will keep the permission mapping stage easily manageable.

In addition, it is important to identify what content best belongs in user accounts (user-owned content), and what content belongs in Team Folders. Cloud FastPath analytics can scan the source content to identify the most collaborative content, and content owned by groups. This kind of content best belongs in Team Folders. User-owned content can be mapped by AD account or by path automatically into Dropbox accounts, with permissions and metadata intact.

Migrating groups is a bit more tricky, as there are some decisions that must be made. Consider a situation where there is a marketing department which includes the groups “US Marketing” and “EMEA Marketing”, as well as “US Marketing executives”, “EMEA Marketing executives” and “EMEA Executive Assistants”. These groups have ownership of the corresponding directories:

There are many folders from the US Marketing Executive group that are shared with the EMEA Marketing Executive group. However, the Executive Assistant directory is a subdirectory of the EMEA executives. If the group sharing is mapped directly as described, the members of the Executive Assistant group will also have access to the files and folders shared to the directory above.

Based on Dropbox’s permissions structure, there are many ways to automatically map this relationship with Cloud FastPath. One method is to move the Executive Assistant Directory out from under the EMEA Marketing Executive directory and retain the sharing relationship. Another method is to migrate all of the shared folders into a new directory, and give ownership to each Executive group explicitly. No matter what you choose, Cloud FastPath automatically creates new directories and permissions without any manual intervention.

Conclusion

Manually mapping permissions to Dropbox becomes incredibly complex when migrating multiple file shares and thousands of users. Having a tool that helps manage both the planning and execution phase can reduce the migration time by months, while making sure your data is usable once it makes it to Dropbox.
