Show TOC Entering content frame

Procedure documentation Exporting Permissions Locate the document in its SAP Library structure

Use

This topic describes how to export the ACL structure of your portal content and security zones.

When you export the ACL structure from your source system, an XML file is generated. Using the XML file, you can later import the permission to another portal (the target system) to recreate the same ACL structure. You can use the exported XML file for any number of target systems.

This graphic is explained in the accompanying text

The output of the ACL structure is filtered according to the permission settings of the user requesting the ACL structure form.

Therefore, to view the entire ACL structure in your portal, the user requesting the ACL structure form must be a super administrator or an administrator that has permission to view the entire Portal Catalog.

 

 

Prerequisites

·        At least administrator read permission for each object in the Portal Catalog you want to export.

·        End user permission to the security zone of the following portal component:

sap.com/NetWeaver.Portal/medium_safety/com.sap.portal.admin.acleditor/components/initialPermissionsCreator 

 

Procedure

...

       1.      Log on to the portal.

       2.      In the same browser session, open a new browser window.

       3.      Enter the following URL:

http://<machine>:<port>/irj/servlet/prt/portal/prtroot/com.sap.portal.admin.acleditor.initialPermissionsCreator

Note

Depending on the amount of data to be processed, it may take several minutes for the XML file to be created. 

 

Results

When the permissions have been exported, an XML file, with the name initialPermissions.xml, is created on the source portal in the following folder:

·        Windows:

<installation drive>:\usr\sap\<SAP J2EE instance name>\JC<instancenumber>\j2ee\cluster\server0\apps\sap.com\irj\servlet_jsp \irj\root \portalapps\com.sap.portal.admin.acleditor

·        UNIX:

/usr/sap/<SAP J2EE instance name>/JC<instance number>/j2ee/cluster/server0/apps/sap.com/irj/servlet_jsp /irj/root /portalapps/com.sap.portal.admin.acleditor

For information on importing the XML file to a target system, see Importing Permissions.

The XML file contains all ACL objects existing in the source system. Each ACL tag element is represented in the following format:

<ACL objectID="ObjectID" handlerId="ACL">

  <ACEs>

   <ACE type="[role, user, group]"

        principalID="PrincipalID"

        permission="[owner, Pcd.FullControl, Pcd.ReadWrite, Pcd.Read, NONE]"

        endUserRead="[true,false]"

        roleAssign="[true, false]

    />

  </ACEs>

</ACL>

Where:

·        <ACL> tag (Access Control List): Refers to a single object, and nests a single <ACEs> tag.

¡        objectID attribute: Specifies the ID of the PCD object.

¡        handlerId attribute: Specifies the Generic Creator handler that processes the data in the XML; do not change this value.

·        <ACEs> tag: Groups a number of <ACE> tags that are nested in a single <ACL> tag.

·        <ACE> tag (Access Control Entry): Specifies which users, groups, or roles are assigned permissions to the   object and also their respective permission levels. Each <ACE> tag refers to a single role, user, or group.

¡        type attribute: Specifies if the user management entity being assigned permission to the object is a role, group or user.

¡        principalID attribute: Specifies the ID of the role, group, or user being assigned permissions to the object.

¡        permission attribute: Specifies the administrator permission setting.

¡        endUserRead attribute: Specifies the end user permission setting. If this <ACE> attribute is not specified, its default value is false.

¡        roleAssign attribute: Specifies the role assigner permission setting. If this <ACE> attribute is not specified, its default value is false.

 

Example

A sample XML output declaring content and their permissions looks as follows:

<ACL objectID="pcd:portal_content"handlerId="ACL">

   <ACE type="role"

            principalID="pcd:portal_content/administrator/content_admin/content_admin_role"

            permission="Pcd.FullControl"

            endUserRead="true" />

   <ACE type="group"

            principalID="GRUP.SUPER_GROUPS_DATASOURCE.EVERYONE"

            permission="NONE"

            endUserRead="true"

            roleAssign="true" />

   <ACE type="role"                    principalID="pcd:portal_content/administrator/super_admin/super_admin_role"   

            permission="owner"

            endUserRead="true"

            roleAssign="true" />

   <ACE type="role"

            principalID="pcd:portal_content/administrator/system_admin/system_admin_role"

            permission="Pcd.ReadWrite"

            endUserRead="true" />

</ACL>

 

 

Leaving content frame