cancel
Showing results for 
Search instead for 
Did you mean: 

end user permission ignored

Former Member
0 Kudos

Hello,

I have a problem with an end user permission that seems to get ignored: I wanted to demonstrate the usage of the end user permission and assigned a role to a User (for simplicity's sake as an entry point, no worksets, pages etc. involved) and enabled end user permission on the role for that particular user.

Now when that user logs in he gets to see the according entry in the navigation bar as expected. However if I disable the end user permission, log out and again log in the user, he stills sees the link. The end user permission setting is simply ignored. Can someone shed light onto this, could there be something wrong with the installation)?

I don't think this is an issue of permission inheritance (the role permissions are set explicitly anyway) or overlapping permissions due to membership in several groups - the user is only member of the single standard group 'authenticated users'.

Regards,

Sebastian

P.S. What's the use of a role assignment to a user without end user permission anyway (I mean why the option)? What happens if you don't add permissions on a Role for a certain user at all (I tried it, but the effect is the same as described above - end user permission seem to be irrelevant)?

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Sebastian,

what you have described is actually not a bug. The end user permission setting on role objects has no effect on the runtime availability of roles in the portal navigation.

This means that if you have a role, you will have permission to see all iViews and Pages in this role.

So the question is what's the use of end user permission then? It's used to restrict permission to (displaying) objects in portal utilities that display the Portal Catalog in an "end user" runtime environment. A good example for this is "Page Personalization". You can see here only objects you have end user permission for.

For more detailed information check this link:

http://help.sap.com/saphelp_nw04/helpdata/en/f6/2604e505fd11d7b84200047582c9f7/frameset.htm

Hope this helps,

Robert

Former Member
0 Kudos

Hi Robert,

thanks for your answer and for the link (and I thought I had read everything). I am not so sure however if I really understand the term 'runtime environment' for a user. I thought runtime vs. design-time meant the difference between the content a user sees when he is actually using the portal and the content an administrator has access to in the portal content catalog, i.e. a meta-environment accessible only through certain tools like the permission editor or similar.

I don't understand what you want to express with "<i>It's used to restrict ... end user runtime environment</i>" and why the "Page Personalization" is an example.

I realize that for roles the availability for a user is solely defined by the assignment of that role to the user - end user permissions have no effect on this. Confusing, because I tought this availability (i.e. showing links in the toplevel or detailed navigation) was what was meant by 'runtime environment' but I seem to be wrong here.

The docu says "<i>for roles the end user permission setting does enable you to define which users/groups/roles are able to preview the role content using the portal design-time tools</i>". Again, I am confused, I thought this was exactly the meaning of design-time environment.

Great if you or someone else could comment on this..

Regards,

Sebastian

Answers (0)