Former Member
Oct 28, 2004 at 09:18 PM

Windows & File System Repository - security issues


Hello,

I got a strange behavior in EP 6 SP 2 using KM and Windows file systems. Here is the scenario:

- I created a Network Path and a File System Repository pointing to a Windows 2003 File System, following the portal help instructions. Both EP6 server and Windows 2003 server are in the same domain.

- according to the KM Monitor, the repository is up and running

- the portal users can access their respective folders in the file system after having their uids / passwords mapped in the user mapping option

- the portal is assuming the permissions (read & write & list folder & etc) from windows

So far everything seemed to be OK - but after some tests we got the problem:

- user "A" has his uid/pwd mapped in portal, and read & write access to the file system "dept_folder". He can access the folder through a KM iview, with r/w privileges.

- user "B" has his uid/pwd mapped in portal, and ONLY read access to the file system "dept_folder". He can access the folder through a KM iview, with read privileges.

- and here comes the problem: if user "A" is logged in, and user "B" replaces his uid with user "A"'s uid in the user mapping (only the uid, the password doesn't matter) he can access the file system "dept_folder" with the same privileges as user "A".

I looked in SDN, SAP Notes and SAP Portal Help trying to find an article related to this, no success so far. We have CM Patches 2 & 3 applied, and Patch 4 doesn't have any comment about this specific security problem.

Has someone already faced this problem? Or could there be something wrong in my configuration?

Rgds, and tks in advance

Fernando Cervantes