Activating ES Repository Properties for Authorization
You activate the ES Repository properties to grant permissions to users or user groups. You define permissions in the ES Builder using authorizations and user roles.
If you do not activate these properties, you can still define user roles and authorizations in the ES Repository, but the permissions will not take effect.
Perform the following steps to activate authorization checks.
-
Access the ES Repository system properties as described under Additional Manual Configuration .
-
Search for the following properties:
-
com.sap.aii.util.server.auth.activation : To define user roles
-
com.sap.aii.ib.server.acl.enable : To define authorizations
-
-
Set these properties to true and save your settings.
Based on the value defined for authorizations and user roles, the system performs the following actions:
Value of com.sap.aii.ib.server.acl.enable (Authorizations)
Value of com.sap.aii.util.server.auth.activation (User Roles)
Action in ES Builder
False
False
Both authorizations and user roles are disabled. All users have permissions to create, edit, and delete objects.
False
True
User roles are enabled.
True
False
Authorizations are enabled. However, if no authorizations are defined, users will not have permissions to create, edit, and delete objects. To perform any of these actions, you should define authorizations.
True
True
Both authorizations and user roles are enabled.
If authorizations are defined, the system grants permissions based on the defined authorizations and not the user roles. However, if no authorizations are defined, the system checks for the user roles and permissions are granted accordingly.