
How to control permissions in KM using File System Repository Manager

Former Member
0 Kudos

Hello everybody

I have a scenario with 15+ file servers whose content needs to be mapped into Portal KM as read-only.

Windows Authentication is configured on the portal, so the users don't need to supply the portal with username/password.

Now the users are of course only allowed to see the same content in the portal as they can see on the file servers. I know that the permission mapping can be done using a File System Repository Manager with W2KSecurityManager, but in that case the users will have to maintain the mapping of rights from windows to portal manually. And with ever-changing passwords this is too big an administrative task. So I am looking for another solution.

My question is therefore:

How can you configure the File System Repository Manager in a way where the user does not need to maintain "user mapping" manually, but only needs to log on to the portal (through Windows authentication) and can see the same files from the portal as he/she can see from the file servers?

Can this information in some way be taken from the configured Windows Authentication? Or is the only solution to enable WebDAV on the file servers and follow the "Integration of Windows File Servers into the SAP KM platform Using SSO and the WebDAV Repository Manager"-guide?

Any help will be rewarded.

Best regards,

Martin Søgaard

Accepted Solutions (1)

Former Member
0 Kudos

Hi!

Unfortunately there is no security manager which operates on native file system security but the W2KSecurityManager and this one is based on user mapping.

I am afraid that the WebDAV solution is the easiest way.

Kind regards, Dirk

Former Member
0 Kudos

Hi Dirk

It's not because I don't trust you, but what documentation do you base your reply upon? The "Dirk-argument" doesn't do it for our customer.

Best regards,

Martin Søgaard

Former Member
0 Kudos

Hi!

I asked the developer of the W2kSecurityManager.

I am the developer of the KM ACLs.

bye, Dirk

Former Member
0 Kudos

Hi Dirk

For some reason I didn't notice the SAP-logo next to your name.

Guess the "Dirk-argument" isn't that bad after all

Regards,

Martin

Former Member
0 Kudos

Hi again Dirk

I just studied the "Integration of Windows File Servers into the SAP KM platform using SSO and the WebDAV repository manager"-guide in depth and I don't quite understand what rights the cmadmin_service and notificator_service are supposed to be given in the Active Directory. In the guide it says:

"A number of global services and repository services need to perform operations on resources in various repositories. For example, the index management service must read all resources it is meant to index. When an index is created, the service user index_service is used. Therefore, this user has to have at least read access to all repositories that are to be indexed. Other users that are used by the SAP KM platform are the service users notificator_service and cmadmin_service. When a search is taking place, it is the user that is currently logged on to the portal."

I don't quite understand what the two service users are doing, but more importantly, I need to give the two service users the correct permissions in the Active Directory (or through user mapping). I understand that index_service only needs read_only permissions, but what permissions should the cmadmin_service and notificator_service be given?

Best regards,

Martin

Former Member
0 Kudos

Hi!

cmadmin_service should have full_control and notificator_service should have read access on all objects.

bye, Dirk

Former Member
0 Kudos

Hi Dirk

I have another question that I hope you will help me with.

Should cmadmin_service have full_control even though I only want the directory to be read only?

In the File System Repository Manager you have the option to specify whether the repository is read only or not. How can you make a WebDAV Repository Manager read only?

Kind regards,

Martin

Former Member
0 Kudos

Hi!

If you don't want to (or don't need to) allow KM services to write into the repository, you might give the cmadmin_service only read access to all folders and files.

If you want to index the repository you must give the index_service read access to all folders and files.

If you want to have a read only WebDAV repository, you must configure this at the WebDAV server resp. the underlying filesystem/repository/...

bye, Dirk
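
An added example, not part of the original thread: a PowerShell audit for the read-only setup described in the reply above. It reports where one of the three KM service users lacks read access or holds write rights on the published tree. The root path, the domain name, and the mapping of the KM service users to Windows accounts of the same name are assumptions.

```powershell
# Added example, not from the thread. Assumed: root path, domain name, and that the
# KM service users are mapped to Windows accounts with the same names.
param(
    [string]$Root   = 'D:\Published\Docs',   # hypothetical folder published via WebDAV
    [string]$Domain = 'EXAMPLE'              # hypothetical domain
)

$accounts = 'index_service', 'notificator_service', 'cmadmin_service' |
    ForEach-Object { "$Domain\$_" }

$read  = [int][System.Security.AccessControl.FileSystemRights]::Read
$write = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# The root itself plus everything below it, hidden items included.
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force)

foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($account in $accounts) {
        $allow = 0; $deny = 0
        foreach ($ace in $acl.Access) {
            # Only ACEs that name the account directly; group membership is not resolved.
            if ($ace.IdentityReference.Value -ine $account) { continue }
            # Inherit-only ACEs apply to children, not to this object.
            if ([int]$ace.PropagationFlags -band $inheritOnly) { continue }
            if ($ace.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$ace.FileSystemRights }
            else                                    { $deny  = $deny  -bor [int]$ace.FileSystemRights }
        }
        # Deny ACEs override Allow ACEs for the same rights.
        $effective = $allow -band (-bnot $deny)
        $issue = if (($effective -band $read) -ne $read) { 'missing read access' }
                 elseif ($effective -band $write)        { 'has write access on a read-only tree' }
        if ($issue) {
            [pscustomobject]@{ Path = $item.FullName; Account = $account; Issue = $issue }
        }
    }
}
```

Because only ACEs naming the account directly are evaluated, an account that receives its access through a group shows up as "missing read access" and needs a manual check.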

Former Member
0 Kudos

Hi Dirk

Will the "Integration of Windows File Servers into the SAP KM platform using SSO and the WebDAV repository manager" solution also be able to handle permission settings on share level?

As I see the documentation, the solution only takes permissions from the access control lists into account:

"When using the SSO22KerbMap Module no security manager is necessary since the access to the WebDAV repository is performed using Windows Integration authentication. The access to the folders that are published via WebDAV using IIS is controlled by the existing Windows access control lists."

But what about the permissions set on share level? We have a scenario where most ACLs give everyone full control, but in reality they only have their share-level permissions.

I really need your help on this one! And if you could provide me with some sort of documentation, you are the best.

Kind regards,

Martin

Answers (0)