cancel
Showing results for 
Search instead for 
Did you mean: 

Everyone Full Control for CM Repository ??

Former Member
0 Kudos

Hi All,

I' ve created a CM Repository in FSDB mode.

<b>1.</b> Is it mandatory to give Everyone Full Control permission in order to UPLOAD a file/folder to the repository.Can't i restrict the permissions only to certain users?

<b>2.</b>What is the significance of Network Path in the creation of CM Repository

(ref : ).

Regards,

Joshua Kiran

Accepted Solutions (1)

Accepted Solutions (1)

LarsE
Advisor
Advisor
0 Kudos

Hi Joshua,

you should define an Acl for your folders where only selected groups / roles and users have read/write access.

If they should also be allowed to delete the documents, these users must also have the delete permission for that ACL. Full Control is not required for upload.

All remaining users, that should only be allowed to read a document, only need read permission on in the ACL.

The network path is a link to the file server that is basis for a fsdb repository.

Regards

Lars

Former Member
0 Kudos

Thank you Lars,

But, what about the permissions of the folder where it is physically located.Should i give full control ??

Regards,

Joshua Kiran

LarsE
Advisor
Advisor
0 Kudos

Hi,

you need to give full control to the user that is used for the network drive mapping.

The portal users will access the share with that mapping user and need no own permission for this folder.

Just restrict their permissions by setting KM acls.

If you are using the W2K security manager, the user of the portal must have the corresponding permission on the filesystem folder.

Regards

Lars

Former Member
0 Kudos

Hi Lars/Kumaran,

I'm using ACLSecurityManager.The situation is........

I have some Folders on different system, so i wanted to view them thru Enterprise Portal, sitting on my system.

I used CM Repository to configure that particular folders in EP.Now i'm able to view these folders in portal and also from my system itself.

Everything worked fine till now.

But when i wanted to upload a file thru EP into the folders(located on different machine). i'm not able to do so.

This also worked out when i gave Everyone Full Control to folders(located on different machine) going there physically.

This is a security breach.

I just wanted to restrict this permission only to certain users.

Hope this explanation helps u better understand the situation.

Regards,

Joshua Kiran

Former Member
0 Kudos

Please resolve my issue (

Answers (2)

Answers (2)

alexander_link
Explorer
0 Kudos

Hello,

I'm still not sure what your problem is exactly. The last post from Lars describes all you should do.

You should give write permissions on KM ACL level to the users which shall be able to upload files.

When an authorized user uploads a file the file is physically created on the share using the "SAPService<SID>" user. This user must have write permissions on the share.

ACLs on KM level are completely independent of the file system permissions.

Regards

Alex

Former Member
0 Kudos

Thank you Alex/Lars,

Let me tell u what i did after this.

I went to the Content Administration->KM Content->CM Repository folder -> clicked on the breadcrumb -> details

-> settings -> permissions -> then i have added the Full control permissions and was able to upload the files successfully and i could restrict the users by giving readonly permissions.

My concern is, ... only when i give <b>Everyone</b> full control permissions iam able to upload otherwise

I wish the scenario to be like this.....

I give only Full control to my userID in the windows system folder (where the folder physically located)and i give Full control in the Portal ACL permissions then...I shud only be able to upload files.

Regards,

Joshua Kiran

alexander_link
Explorer
0 Kudos

Hello,

I'm sorry, this is not possible.

The share is always accessed using the configured user or the SAPService<sid> user.

What you would need is that the share is accessed using the os user corresponding to the portal user. But we do not support this scenario...

You could use the W2KSecurityManager. This security manager applies the filesystem permissions in KM.

Regards Alex

Former Member
0 Kudos

Hi Alex,

Ok fine.... but when i use W2KSecurityManager, the repository is not starting up

The error im getting is

<i>Exception during start up of sub-manager: W2kSecurityManager: problems getting config parameters from Repository Manager</i>

Please help me in this regard.

Regards,

Joshua Kiran

Former Member
0 Kudos

Hi Joshua,

Actually the w2k security works in the following manner:

<b>1) The j2ee engine user should have the admin rights on the share server .

2) The user configured in the network path should have the full access Permisions to the folder (NTFS level and share level)

3) The mapped portal user (windows user) should have the appropriate permission (NTFS level) to fulfill the given task </b>

I hope that could help you to solve your problem.

Best regards, Pavel.

Former Member
0 Kudos

Hi,

I believe, it depends on the security manager you use for the repository. If you use AclSecurityManager, then the file system needs no modification. The issue comes up if you use W2KSecurityManager.

Regards,

Kumar