on 10-26-2015 5:17 PM
Hello All,
In our portal we have this arrangement that each portal role will be mapped to a particular portal group.
In case if we need to disable a particular application for end user we will just remove the portal role to group mapping. So that the user will not be able to access the application.
For example if a portal role XX mapped to group YY. And YY assigned to N users. To disable the application, only the XX->YY mapping will be removed.
But when the user stores the application URL in the browser in the format https://server:port/irj/portal/NavigationTarget=navurl://sdjkfwec, the user is able to access the application.
I tried deleting browser cache and in portal navigation cache, PRT cache, UME cache , OBN cache but nothing works.
Kindly let me know if we can resolve this in any other way.
Regards,
Porselvan
Hi Porselvan,
You are referring to a hashed navigation URL which created since the short URL mechanism is used.
An explanation about the short URL's can be found here:
How to deal with Short URLs - Portal - SCN Wiki
Navigation with Short URLs - Portal - SAP Library
I have 2 suggestions for you:
1. You can disable the short URL (set to False), then the navigation using the hashed values to ANY navigation target will not work using hashed values, only navigation target with full URL given will work.
2. Keep the short URL's active and change the iView location, since the current hashed value is mapped to the old location the navigation should not work for users trying to access it directly using the hashed value in the navigation target.
To synchronize the short URL with the full URL after changes have been made to the navigation target URL, click Synchronize.
Best regards,
Etay
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Etay,
This is good idea but in our case it will not be helpful for all scenarios.
In our case we have different portal groups mapped to the same roles. Each group represents a particular country user.
Sometimes we only have to block access to a one country users and not others. So we will remove the mapping for the specific groups mapped to the roles but not all.
And moreover this unmapping groups was working without any issue before. Only recently we have this issue with bookmarks.
Regards,
Porselvan
Hi Porselvan,
Please try to set permissions to different users/groups using the permissions editor.
I hope it is valid for your issue.
https://help.sap.com/saphelp_nw73/helpdata/en/48/5024aa2a4371b9e10000000a421937/frameset.htm
Using the Permission Editor - Portal - SAP Library
Best regards,
Etay
Hi Porselvan,
From your statement I understand that you are removing only the mapping between the portal roles and the portal group. However the relationship/mapping between the user and portal group still stands.
When you say, the endusers are still able to open the particular iview/page/object even after removal of the portal role, then you need to check whether any other portal roles are assigned to the portal group which is already assigned to the user.
e.g. you have removed mapping between xx -> yy. however YY might still hold some other role mapping may be aa or bb or cc. if any one of these roles which has the bookmarked iView/page/object assigned then the user will be definitely able to access the URL.
Please check from this perspective and let us know.
Thanks,
Mahendran B.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Users can directly access iViews or content in the PCD if portal permissions allows them.
Besides roles, you should limit permissions only to the users you want to have access
See the following link to configure your portal permissions correctly:
https://help.sap.com/saphelp_nw73ehp1/helpdata/en/48/5024aa2a4371b9e10000000a421937/frameset.htm
Best Regards,
Tal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tal,
Thank you for your response. The issue for us is that even if we restrict permission we will restrict permissions only based on the portal group and not based on the role.
Since the user will already have the group still assigned to him this is not a solution for us.
Is there anyother way we can disable direct access to the iView/page?
Regards,
Porselvan
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.