Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

System admin Read only

Former Member

on ‎2010 Oct 18 3:51 PM

0 Likes
478

Hi,

I would like to create a system admin read only role. Can somebody help?

Thank you in advance.

Regards,

Dharmi

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎2010 Oct 18 9:10 PM
0 Likes

Hi Dharmi,

I strongly suggest that before you make any changes to the role, you copy the System admin role to your custom namespace and make the following changes.

1. Open the custom system admin role in the property editor. Set the 'System_Admin' property of the role to No.

2. Set the 'System_Display' and 'SystemInfo_Display' to Yes.

We are basically changing the UME actions associated with the custom role in the steps mentioned above. For more info about UME actions, refer to this link

[http://help.sap.com/saphelp_nw70/helpdata/en/49/8b4659c793355ae10000000a42189b/frameset.htm]

3. The last thing you need to do is navigate to System Admin->Permissions. Navigate further to security/sap.com/NetWeaver.Portal/medium_safety/com.sap.portal.appdesigner.contentcatalog/components/Framework

4. Open the permissions on the Framework folder(double click) and assign your new role with the same settings as the other roles.

Your custom system admin role is now a read only system admin. You can set the actions accordingly to suit your requirements.

Hope it helps,

Prathamesh

Show replies
Show replies
Former Member
‎2010 Oct 19 8:20 AM
0 Likes

Hi Prathamesh,

Thank you for your e-mail but it has not helped.

I created a copy of System Admin role, the permissions (Java Based) are set as under:

'System_Display' Yes

'SystemInfo_Display' Yes

System_Admin' No

I am still able to import epa,

import XML content and actions

Content mirroring

From the support I can upload the "par"

and almost everywhere there is the possibility to do something.... it is not the read only as one would expect.

Awaiting your valuable inputs.

Regards,

Dharmi

Former Member
‎2010 Oct 19 2:12 PM
0 Likes

Hello,

I dont think there is any standard functionality through which we can disable those options for iviews.

What we can do as a workaround is check the properties of the iviews and disable that functionitly. For eg.

For "Import" Iview - Set "Enable File Upload From Client" to NO

For "UM Configuration" view - SET "disabledInput1,2,3,.." to YES

Experts, If there is a standard way to achieve this then let us know. I would appreciate that.

Regards

Puneet

Former Member
‎2010 Oct 19 3:57 PM
0 Likes

Hi Dharmi,

You would be able to still able to control most of the permissions through the permissions editor under System Admin->Permissions. For example, if you would not want the custom sys admin to upload par files modify the permissions under security/sap.com/NetWeaver.Portal/high_safety/com.sap.portal.support.desk/components/default. Likewise, you would be able to set permissions accordingly to get the necessary permutations and combinations.

But, some of iViews, for instance importing EPA, are purely executional for the system admin to conduct his/her tasks and do not provide any "Viewable" content. There is no need in providing a read-only access to those iViews. For example, a read-only permission would not help in either importing or not importing an EPA. So, in essence, it would just be a redundant iView with the custom sys-admin not being able to either view content or to import files. Thus, there is no need in having those iViews under the custom role. So I would advise to take such iViews/Pages out of the role.

Hope it helps,

Prathamesh

Former Member
‎2010 Oct 21 9:26 AM
0 Likes

Hi Prathamesh,

Thank oyu once again for your reply.

I just don't see the component "com.sap.portal.support.desk" also had posted the thread.

Do you know how to add that in the the security zone?

Regards,

Dharmi

Former Member
‎2010 Oct 21 11:49 PM
0 Likes

Hi Dharmi,

A component or service cannot be manually added into a security zone. The properties, Vendor and the Security Area in the portalapp.xml file of a particular par file define the security zone for the par and the safety level specifies the level of safety for a particular component within the par. A security zone is an added layer of security that you provide against an unauthorized access to that particular component .

Now, if you would like to provide the right authorizations(read only access etc) to the users in highly sensitive areas of the portal, you need to first find the par files associated with those applications. Coming back to your example, if you would like to disallow users from uploading the par file through Sys Admin->Support, you need to first find what par is that application contained in and then download the par file. The par file in our case is com.sap.portal.runtime.system.console and the application is ClusterAdminConsole. Open the portalapp.xml and in the application config find the properties Vendor and Security Area. For our application, vendor is 'sap.com' and Security Area is 'NetWeaver.Portal'. Now locate the component ClusterAdminConsole in the portalapp and find its associated safety_level, which is 'high_safety' in our case. Now that you know the vendor, security area and safety_level, you can search the Portal for the permission hierarchy under Sys Admin->Permissions. You need to search for security/sap.com/NetWeaver.Portal/high_safety/com.sap.portal.runtime.system.console/components/ClusterAdminConsole and then assign the needful permissions.

Hope it helps,

Prathamesh

P.S. The path which I had mentioned in my last reply was the specified in the error I was getting in defaultTrace. I didn't had time yesterday to decode more into the error and thus ended up specifying the path without actually checking it. Sorry

Ask a Question