cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to change massively in some folders the permissions owner ?

Go to solution
Former Member

on ‎04-03-2008 5:49 PM

0 Kudos

Hi:

We have some folders in SAP Portals 2004s (7.0) with a user which is the ACL permission owner and the Services permission owner of these folders.

We need to change that owner massively in these folders to a group without using the user of that owner.

How can we do that ?

Thanks in advance,

Felipe Mendivil Ortiz

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-04-2008 6:21 PM
0 Kudos

Thanks very much.

One more question. The user created in System principal need to have some special permissions or role ?

Thanks.

Felipe

Show replies
Show replies
Former Member
‎04-04-2008 7:33 PM
0 Kudos

Hi Felipe,

it seems that you have missed one thing (in terms of understanding).

The System Principal is a special permission. It is like defining a super admin user who is able to do a lot of administrative things in the Knowledge Management platform. This special permission can be applied to every existing portal user (independent of the other permissions the user has) but also to a group or a role. All users assigned in that group or with that role will become a system principal and have the defined permissions.

As you've mentioned above, when you create a new system principal definition you can type the following:

1) Name - To be on the safe side I would use here the same UserId/RoleID/GroupID as in the User Name /Role Name /Group Name field.

2) Change Resource Permissions - If you check this box, as mentioned in SAP Help, the defined user/role/group is able to change resource permission for every resource (document or folder).

3) Service ACLs - Yes, here you define if the user/role/group should also be able to change service permissions for every resource (document or folder), or not.

4) Set System Properties - This is for properties that are not set over the UI (Details screen) but can only be set via API. Sometimes you want to have a system user, which you define as system principal and give him this permission to user this user to set system properties.

5) Unlock Permission - As mentioned in the SAP Help link, with this permission a system principal could remove document locks set by other users.

6) Resource Permissions - Here you define what the system principal (user/group/role) is allowed to do in KM (besides the above defined status of changing permissions). If you selected only READ, the system principal will only be able to read ALL resources (files/folders) in KM. It should be clear what happens if you define READ, WRITE, DELETE.

7) User Name - Type here the User ID of the user(s) that you want to give this system principal status. You can have here a comma separated list.

😎 Audit Actions - By checking this box, every time the mentioned user changes permission / unlocks objects / etc. this action will logged. You will be able to see it in the [KM audit|http://help.sap.com/saphelp_nw04/helpdata/en/44/a9b4e2f9677455e10000000a11466f/frameset.htm].

You will not find a initial path definition, because you can not restrict a system principal on a special path. The system principal is defined global for ALL KM repositories.

Hope this clarifies all your questions,

Robert

Answers (2)

Answers (2)

Former Member
‎04-04-2008 8:25 PM
0 Kudos

Thank you very much Robert !!!!

This is now very clear to me.

One last question, in case of choosing a role more than a user (in case of a user, in user name we put the user ID) should I put the whole pcd or with the only ID is enough.

Cause we can have roles with the same ID in differents folders.

so, What should I put in the name in case of a role ?

Thanks very much

Felipe

PD: I try to do it with a user and it works fine !!!

Show replies
Show replies
Former Member
‎04-04-2008 9:15 PM
0 Kudos

Hi Felipe,

As role name you need to type the whole PCD ID. So for example: "pcd:portal_content/administrator/system_admin/system_admin_role".

Have a nice weekend,

Robert

Former Member
‎04-04-2008 10:14 PM
0 Kudos

Thanks very much !!!

Have a nice weekend too !!!

Felipe

Former Member
‎04-05-2008 12:44 AM
0 Kudos

Thank you Robert !

Have a nice weekend too !

I have done the following thing:

Create a role in Sistem Principals with permissions to change ACL and service ACL.

And I give it Ressource Permission of read (only).

But, when accessing to the folders he can create, write and delete items (in folders and documents) ! He is not owner and doesn't have permissions on that folders.

Is that normal ?

How can I do to restrict this role to only read in folders and documents, and allow him to change ACLs and service ACLs ?

Thank you very much !!!

Felipe Mendivil

Former Member
‎04-06-2008 8:23 PM
0 Kudos

Hi Felipe,

It seems that you have configured everything correct. You might want to check if the specific user has no other system principal rights, recieved not over the role but over the other system principal definitions like user, group or other role. This could be the case, if for example the user has also the super_admin role.

If you checked everything, and you can't find the reason, I would open an OSS ticket, and state this as a bug.

Hope this helps,

Robert

Former Member
‎04-10-2008 10:04 PM
0 Kudos

Thank you very much !!!.

Former Member
‎04-03-2008 5:58 PM
0 Kudos

Hi Felipe,

If you make your user / role /group a [System Principal|http://help.sap.com/saphelp_nw04/helpdata/en/19/56f28fbd4e11d5993b00508b6b8b11/frameset.htm] you will be able to access every folder in KM (after system restart). You would be able to change then the permission owner of this folder and as long as you did not do any inheritance breaks in the hierarchy you should have no problem.

Hope this helps,

Robert

Show replies
Show replies
Former Member
‎04-03-2008 6:11 PM
0 Kudos

Hi Robert:

Thank you very much !!!

How can I do my user or group a System Principal ?

I think this can help me too much.

But can I do this in a massive way without having to enter folder by folder ?

Thank you very much !!!

Felipe

Former Member
‎04-03-2008 10:17 PM
0 Kudos

Hi Felipe,

The SAP Help document actually also describes how to change the System Principal settings. You go to the KM Configuration (System Administration -> System Configuration -> KM Configuration -> Content Management) -> Utilities -> System Principals. Go to System Users -> New give it a name, you can tag everything on and make sure that you type in your userID in "User Name" field case sensitive!

After a restart you should be good to go.

As mentioned in my previous post, if you change the owner on the top folder and you have not change the permissions on sub folder levels, with the ACL inheritance model in place, the change will be reflected on all subfolders. Unfortunately, you need to do this change on every subfolder where you changed permissions so the inheritance is not in place anymore.

Hope this helps,

Robert

Former Member
‎04-04-2008 12:36 AM
0 Kudos

Thank you very much Robert !.

I found the system principal.

I see the following properties:

1) Name (the name to display)

2) Change Resource Permissions -Are these the ACLs ? What is the function of this ? Is it for changing the ACLs of all the ressources ? (folders and documents)-

3) Service ACLs -i suppose these are the service permissions. What can I do with that ? Change the service permissions for all ? (folders and documents)-

4) Set System Properties -what are this for ?

5) Unlock Permission -what are this for ?. To unlock objects ?

6) Resource Permissions -i can select read/write/delete. What are this for ?

7) User Name

😎 Audit Actions -What are this for ?-

Hope you can help me !

Thanks in advance.

Felipe

Former Member
‎04-04-2008 12:39 AM
0 Kudos

Hi Robert:

I don't see where the initial path folder is configured or if it is applied to /documents folder.

Or all folder ?

Thanks in advance,

Felipe

Former Member
‎04-04-2008 7:45 AM
0 Kudos

Hi,

You can see this topic from SAP Library:

Setting Permissions

http://help.sap.com/saphelp_nw70/helpdata/EN/42/89749d882d1422e10000000a114cbd/frameset.htm

Hope this link will be helpful for you.

Regards,

Lubi

Ask a Question