Show TOC

Propagation of ACLsLocate this document in the navigation structure

Use

This report allows you to propagate the ACL for a resource (document or folder) 1:1 to other folders and their contents or to individual documents.

You can use this report to perform the following operations:

  • Assign new ACLs

  • Overwrite existing ACLs with a new ACL

  • Merge existing ACLs with a new ACL

  • Merge inherited ACLs with a new ACL

  • Delete existing ACLs

Prerequisites

You are using the ACL security manager delivered by SAP for the repositories that the resources are located in.

Recommendation

We recommend creating a file in advance, assigning the required permissions to it, and using this file as a template ( ACL Template Resource ).

Procedure

To propagate or delete ACLs, proceed as follows:

  1. Launch the report. In the portal, choose Start of the navigation path Content Administration Next navigation step KM Content  Next navigation step  Toolbox  Next navigation step  Reports  Next navigation step  Security  Next navigation step  Propagation of ACLs End of the navigation path.

  2. Choose Start and specify a name for the report.

  3. On the Scope tab, you choose the target, this is generally a folder containing resources to which you want to propagate the ACLs in the template:

    Parameter

    Description

    Location

    Specifies the folders to which you want to propagate the ACLs.

    Maximum Results

    The system terminates the search when it has found the corresponding number of items.

    The entry -1 signifies all items.

  4. On the Parameters tab, you enter the ACL template and choose further parameters:

    Parameter

    Description

    ACL Template Resource

    Specifies the path of a normal resource in KM (document or folder), whose ACL settings are to be propagated to other resources.

    You can also call this resource the ACL template.

    Merge with existing ACLs (overwrite if unchecked)

    If this parameter is activated, existing ACLs are merged with the entries in the ACL template.

    If this parameter is deactivated, existing ACLs are overwritten by the entries in the ACL template.

    Merge with inherited ACLs

    In the folder hierarchy of a KM repository, permissions are inherited by subordinate folders from superordinate folders. Therefore, an item in a folder must not have its own ACL, but inherits the permissions of the superordinate folder.

    If this parameter is activated, the ACLs for the superordinate folder are propagated to the target you have defined ( Location ) and merged with the ACLs in the ACL template. The resulting "merged" ACL consists of the inherited permissions and the permission in the ACL template.

    This parameter is only taken into account if the Merge with existing ACLs parameter is selected and inherited permissions exist.

    Deep Propagate

    If this parameter is activated, the ACLs are propagated to all resources in all subfolders for the selected target folder (Location).

    If this parameter is deactivated, the ACLs are propagated only to the items (resources and folders) directly in the selected target folder and to the target folder itself.

    Show ACL Details

    If this parameter is activated, the system displays detailed information about the ACLs for a resource. In the detailed information, you can find the permission owners and the assigned permissions.

    If this parameter is deactivated, the system displays only default information.

    Do not activate this parameter if a large number of permissions are assigned for resources, because displaying the details can negatively impact performance and you can lose track of the permissions.

  5. Go to the Commands tab and choose Start .

    You can configure the following settings for this report on the Commands tab:

    Command

    Description

    Perform ACL Operations

    The command performs the required ACL operations.

    If you select the target directories and the parameters and then choose Start to run the report without activating this command first, the system first scans all resources and displays an overview of the resources and the planned operations. On the overview, you can exclude specific resources that the report should not take into account. Then select the command and start the report again.

    However, if you select this command and choose Start to run the report, the ACL operations defined are performed immediately. You cannot make any further changes.

    If you activate the Use inherited ACL where possible parameter, the report checks the existing ACLs in the superordinate folders, whose ACLs are passed on by default. If the resulting ACL matches the ACL that is passed on from a superordinate folder, the report does not create a new ACL or delete the existing ACL, but continues to use the principle of inheritance.

    The system performs a check. The results of the check contain a summary of the planned operations. You can check them and make any necessary corrections.

  6. Go to the Commands tab again and select the Perform ACL Operations command. Choose Start to run the report.

    The results contain a detailed summary of the executed operations.

Caution

Note that the report can impact performance if too many documents are processed.

Note

You can also use the report to delete ACLs. To do this, you choose a resource that does not have any ACLs as the template. You then run the report for the resources whose ACLs are to be deleted.

More Information