We are attempting to promote all objects from a BI Platform 4.3 Support Pack 4 Patch 7 system to a BI 2025 Patch 4 system with the Promotion Management Wizard (PMW). I am designating my destination system as the Central CMS.
I am using this KBA as my guide…
2531264 - Best Practices for Promotion Management Wizard (PMW)
It seems to go fine until promoting All Folders resulting in this error…
Upon investigation, I find that on my destination system the Administrators group has No Access to the Root Folder (Top-Level Access > All Folders)…
I have reverted to backups and done this twice now with one difference under the Security section of the Export Options…
On my first attempt, I selected “Include Object Security” only…
On my second attempt, I selected “Include Top Level Security” and “Include Application Security”…
Both attempts resulted in No Access for the Administrators group.
I did not run reposcan on my source system as recommended. I do not see how that could result in this issue. Anyone else have experience with PMW on BI 2025 Patch 4? What am I doing wrong? Is this a bug?
I have engaged our designated support provider on this. I just wanted to tap the experience and wisdom of the user community as well.
Thanks,
Noel
Hi, Noel.
I don’t have an answer but just some troubleshooting suggestions. Does the top-level security in the source system look strange at all? For example, is it set up with Administrators having a CAL rather than the default “Full Control”? I would try adding Administrator there with Full Control, and also the user account you’re using for the migration if it’s not Administrator. Obviously even if top level security in the source system is messed up, it shouldn’t affect the target if you don’t have “Include Top Level Security” checked off, but it wouldn’t surprise me if it’s trying to update it anyway.
Good questions. The source system has the Administrators group with Full Control…
Are you suggesting I explicit grant the Administrator account Full Control on the source system?
And I am logging into the PMW with the Administrator account.
My next attempt will likely be promoting with no security selected in the Export Options.
Be careful with that. It could remove all of your security.
I had that happen when doing our last upgrade using lcm_cli.bat. After I disabled the security promotion, there was no security. When we were ready to switch over to the new environment, no one had access to anything.
Fortunately, I was able to write a query to just migrate the folders with security and that fixed everything because we set security at the folder level, not the report level.
From the KBA I referenced, unchecking all security options is specified. Then you promote just the security later.
This is so much fun. 
We have pretty basic security. If the “No Security” option works, I’ll probably just go reapply it manually.
Both source and destination systems are test systems. I have had my last know good configuration restored for the third time now. This may not be the last time.
Are you suggesting I explicit grant the Administrator account Full Control on the source system?
Yes, I would try that. I think it’s unlikely that it’ll work, but it might…
From the KBA I referenced, unchecking all security options is specified. Then you promote just the security later.
That’s worth a try, too. At least you’ll be confident that you can get all your content over, and then you can apply the security manually, if the second migration (of security rights) doesn’t work. Personally, I would use the SDK to synchronize security, since I’ve had bad luck with migrating security in the past (I will likely be doing this early next year).
Leaving all security options unchecked seems to have worked. I got my reports migrated to the new test system. Now to figure out how to apply the security.
If you use the lcm_cli.bat command line for the migration, these settings will migrate all of the Public Folders with their security. If you have security set only at the folders, you should be good.
exportDependencies=false
includeSecurity=true
stacktrace=false
consolelog=true
#All Public Folders
exportQuery1=SELECT Top 100000 static, relationships, SI_PARENT_FOLDER_CUID, SI_OWNER, SI_PATH FROM CI_INFOOBJECTS,CI_APPOBJECTS,CI_SYSTEMOBJECTS WHERE DESCENDANTS(“SI_NAME=‘Folder Hierarchy’”, “SI_ID in (23)”) And SI_Kind = ‘Folder’
This is what I ran to solve the loss of the security in our system that I mentioned earlier in this thread.
