cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

DTR ACL Maintenance

Go to solution
Former Member

on ‎02-06-2006 2:38 PM

0 Kudos

I am making my first attempt at installing, configuring, and using NWDI. Besides SAP Help, I am following the NWDI chapters in <i>Java Programming with the SAP Web Application Server</i> by Karl Kessler, Peter Tillert, and Panayot Dobrikov. I have NWDI installed on a Web AS Java SP 15 and am using NW Dev Studio SP 13.

I am at the point of modifying the initial access rights in the DTR. I have all the appropriate administrator authorizations. I have activated the DTR Administration plug-in, created my DTR Client, logged on to DTR and successfully edited the access rights for <All Users>, CMSadm, and my administrators group, NWDI.Administrators, for the root directory and for the /ws folder. So far so good.

From their root directory access rights, <All Users> have inherited access/read/write/check-in rights to /ws and to /ws/system. But I want to deny them any access to /ws/system. I thought I could do this by selecting Edit Principal on them, but accept when displaying root directory permissions, the Edit Principal window does not list their privileges and doesn't let me do any editing (although the OK button is not greyed out). Or I thought I could select <All Users> and use the Ignore Inheritance button. But except when I am displaying root directory privileges, that button is greyed out.

So how do I adjust privileges further down the inheritance path?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

htammen
Active Contributor
‎02-06-2006 3:23 PM
0 Kudos

Hi Randy,

add a new principal <All Users> and check the rights and click deny.

Because deny comes before grant, the users will not have access to the directory.

Regards

Helmut

Show replies
Show replies
Former Member
‎02-06-2006 3:47 PM
0 Kudos

Thanks for the quick response, Helmut. At first it seemed counter-intuitive to "add a new Principal <All Users>", since that Principal was already defined. By I tried that as you suggested and was able to create deny type privileges. In the Permissions view of the DTR Perspective, showing permissions for the /ws/system folder, I now see a "Grant" row for <All Users> and a "Deny" row for <All Users>. From a UI perspective, is that what I should see? (I understand the rule that deny comes before grant.)

Former Member
‎02-06-2006 5:45 PM
0 Kudos

Following up on the previous note, when I created the new Principal <All Users> with Deny type privileges to ws/system, I forgot that all the administrative users I had defined thus far in UME belonged to a group (NWDI.Administrators) which group of course belongs to <All Users>. I thus blocked ALL access to ws/system, including for myself. Fortunately I was able to use the "backdoor" (user <i>superadmin</i>) to undo the damage.

I still run into things I don't get. For example, if I DELETE a Principal and then try to activate the change, I get an "ACL error : ACEs missing" error. ? But I'm starting to get the hang of it.

Former Member
‎02-06-2006 5:46 PM
0 Kudos

See subsequent notes. Thanks, Helmut, and points awarded.

Answers (0)

Ask a Question