I have a question regarding Note 786433 - Accessing Solution Manager Documents Using URL. This note says that the service user should at least have the role SAP_SOL_KW_DIS, but if the user only has this role, I get a "You do not have authorization for this function" in IE when I enter one of the generated URLs into IE.
If I on the other hand assign the role SAP_SOLAR_AC to the service user, the anonymous connection works.
My questions are thus:
1. What could be the reason to why the SAP_SOL_KW_DIS role is not sufficient in my case?
2. What is the consequences of using the SAP_SOLAR_AC role instead? Will this give the anonymous users unwanted access somewhere else, like write permission on the documents perhaps?
Any help will be rewarded.
to 1: The role should be sufficient. Did you maintain it properly in transaction PFCG, generated the profile and executed the user comparison for it?
to 2: SAP_SOLAR_AC is actually not the up-to-date role and contains authorization for more than just KNowledge Warehouse. So you might have more authorization than needed.