BPM, Workflow, and Case

 View Only

 Migrating 1400 groups from IBM BAW 21.0 to IBM BAW 24.0.1

Jump to  Best Answer
Muhammad Haris Khan's profile image
Muhammad Haris Khan posted Thu March 27, 2025 02:54 PM

We have installed a fresh/new environment of IBM BAW 24.0.1 and we have an old environment of IBM BAW 21.0. Both environments are having separate product databases (because we didn't perform in-place migration), which means in the new environment of IBM BAW 24.0.1 the groups are not automatically migrated from IBM BAW 21.0.

We have almost 1400 internal groups (manually created using Process Admin in IBM BAW 21.0) and these are not external groups (i.e., not in LDAP and/or not in Active Directory). How can we migrate these 1400 groups from our IBM BAW 21.0 environment to new IBM BAW 24.0.1 environment? We want to avoid manually adding these groups using Process Admin of IBM BAW (because it will be a donkeywork), is there any automated way to achieve this?

Don Williams's profile image
Don Williams posted Fri March 28, 2025 05:36 AM  Best Answer

I would expect there to be an option to create new BAW groups via the REST API, but it doesn't appear that there is a way to do this according to the docs:

https://www.ibm.com/docs/en/baw/24.x?topic=resources-group

However, you definitely can create new groups via the JSAPI:

https://www.ibm.com/docs/en/baw/24.x?topic=apis-javascript-api-in-processes-cases-service-flows#OrgNamespace - see createRole()

And you can add members - users or nested roles - to the TWRole:

https://www.ibm.com/docs/en/baw/24.x?topic=apis-javascript-api-in-processes-cases-service-flows#TWRole

Therefore, you could build a utility - dashboard or startable service - which compiles all of the roles (and members, if needed) and outputs it as JSON such as:

[
  {
    roleName: "role1",
    userMembers: ["user1","user2"],
    roleMembers: ["role2","role3"],
  },
 {
    roleName: "role5",
    userMembers: ["user6","user7"],
    roleMembers: ["role8","role9"],
    ....
  }
]

Then run the utility in the source environment to obtain all of the role definitions.

Next create another utility that can iterate through the JSON and create the associated roles, and populate with members and run this in the target environment:

roleDefinitionJson.forEach(function(role) {
  var newRole = tw.system.org.createRole(role);
  newRole.addUsers(role.userMembers);
  newRole.addRoles(role.roleMembers);
});

Something like that should get you started.

Jens Engelke's profile image
Jens Engelke posted Fri March 28, 2025 05:35 AM

Interesting question. I fear, you would need to look up the list of internal groups in the database first (filter LSW_USR_GRP_XREF by type) and the use the REST API to extract these groups from the source and create + populate in the target environment.

Muhammad Haris Khan's profile image
Muhammad Haris Khan posted Fri May 02, 2025 12:29 PM

Thanks @Don Williams for the answer (on Fri March 28, 2025 05:36 AM), I followed that and almost achieved the target. But just I added below statement before adding the user (in the groups) in new environment. Below statement will pull / add the user(s) from LDAP and will create an entry to the new BAW database.

tw.system.org.findUserByName(userName); // forces a pull

Actually, in the new environment, just LDAP is connected but the BAW database is not populated with the users. So, if we will use below command to add the users in the group, an exception will occur that the user doesn't exist however the user would be existing in the LDAP. This exception meant that the user doesn't exist in BAW database.

newRole.addUsers(role.userMembers);
Jens Engelke's profile image
Jens Engelke posted Mon May 05, 2025 02:01 AM

Under /ops/explorer, you find a set of REST APIs in the "system" category. There is one to synchronize LDAP users to the database (users_sync). Make sure to have the "add_to_db" flag set to true. This allows you to import all users at once (assuming this is what you want). However, note that your LDAP configuration must be set up in a way that can actually return all users. This may require increasing some thresholds (see step 9 in https://www.ibm.com/docs/en/baw/24.0.x?topic=environment-configuring-user-registry )

Also be aware that you don't want to replicate LDAP groups as internal groups. That is,

  • bpmA and bpmB are groups in the bpm database
  • ldapA is a group in LDAP
  • ldapA is a "roleMember" of bpmA
  • bpmB is a "roleMember" of bpmA

In your migration code, you want to find and add ldapA, but create and add bpmB while processing membership of bpmA.

Related Content