Skip to Content
author's profile photo Former Member
Former Member

How to change massively in some folders the permissions owner ?

Hi:

We have some folders in SAP Portals 2004s (7.0) with a user which is the ACL permission owner and the Services permission owner of these folders.

We need to change that owner massively in these folders to a group without using the user of that owner.

How can we do that ?

Thanks in advance,

Felipe Mendivil Ortiz

Add a comment
10|10000 characters needed characters exceeded

Related questions

3 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Apr 04, 2008 at 05:21 PM

    Thanks very much.

    One more question. The user created in System principal need to have some special permissions or role ?

    Thanks.

    Felipe

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Felipe,

      it seems that you have missed one thing (in terms of understanding).

      The System Principal is a special permission. It is like defining a super admin user who is able to do a lot of administrative things in the Knowledge Management platform. This special permission can be applied to every existing portal user (independent of the other permissions the user has) but also to a group or a role. All users assigned in that group or with that role will become a system principal and have the defined permissions.

      As you've mentioned above, when you create a new system principal definition you can type the following:

      1) Name - To be on the safe side I would use here the same UserId/RoleID/GroupID as in the User Name /Role Name /Group Name field.

      2) Change Resource Permissions - If you check this box, as mentioned in SAP Help, the defined user/role/group is able to change resource permission for every resource (document or folder).

      3) Service ACLs - Yes, here you define if the user/role/group should also be able to change service permissions for every resource (document or folder), or not.

      4) Set System Properties - This is for properties that are not set over the UI (Details screen) but can only be set via API. Sometimes you want to have a system user, which you define as system principal and give him this permission to user this user to set system properties.

      5) Unlock Permission - As mentioned in the SAP Help link, with this permission a system principal could remove document locks set by other users.

      6) Resource Permissions - Here you define what the system principal (user/group/role) is allowed to do in KM (besides the above defined status of changing permissions). If you selected only READ, the system principal will only be able to read ALL resources (files/folders) in KM. It should be clear what happens if you define READ, WRITE, DELETE.

      7) User Name - Type here the User ID of the user(s) that you want to give this system principal status. You can have here a comma separated list.

      8) Audit Actions - By checking this box, every time the mentioned user changes permission / unlocks objects / etc. this action will logged. You will be able to see it in the [KM audit|http://help.sap.com/saphelp_nw04/helpdata/en/44/a9b4e2f9677455e10000000a11466f/frameset.htm].

      You will not find a initial path definition, because you can not restrict a system principal on a special path. The system principal is defined global for ALL KM repositories.

      Hope this clarifies all your questions,

      Robert

  • author's profile photo Former Member
    Former Member
    Posted on Apr 04, 2008 at 07:25 PM

    Thank you very much Robert !!!!

    This is now very clear to me.

    One last question, in case of choosing a role more than a user (in case of a user, in user name we put the user ID) should I put the whole pcd or with the only ID is enough.

    Cause we can have roles with the same ID in differents folders.

    so, What should I put in the name in case of a role ?

    Thanks very much

    Felipe

    PD: I try to do it with a user and it works fine !!!

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Apr 03, 2008 at 04:58 PM

    Hi Felipe,

    If you make your user / role /group a [System Principal|http://help.sap.com/saphelp_nw04/helpdata/en/19/56f28fbd4e11d5993b00508b6b8b11/frameset.htm] you will be able to access every folder in KM (after system restart). You would be able to change then the permission owner of this folder and as long as you did not do any inheritance breaks in the hierarchy you should have no problem.

    Hope this helps,

    Robert

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.