Show TOC Entering content frame

Function documentation System Principals Locate the document in its SAP Library structure

Use

Generally, access permissions for resources are specified through access control lists that apply to particular resources or collections. They are maintained in the respective resources (see Permissions).

 

In addition, the system principals utility allows you to define permissions for users, groups, and roles that apply system-wide and independently of individual resources or collections. This is a convenient way of defining permissions that are not related to (specific) resources. These permissions are maintained in the CM configuration.

 

Features

A user may be granted a permission either directly as a user, or indirectly as a result of permissions assigned to a group or a role. Users can be service users as well as people.

 

Parameters of a System Principal

Parameters

Required

Description

Name

Yes

Name of the system principal.

The name must correspond to a portal user, group, or role.

User Name

Yes

Name of the corresponding user as defined in portal user management.

Authorized to Change Resource Permissions

No

Defines whether the user is allowed to change permissions for a resource.

Unlock Permission

No

Determines whether the user is authorized to remove external locks (that is, the user is able to remove document locks set by another user).

This option should only be available for administrators. By default, this parameter is deactivated.

Resource Permissions

No

Determines which permissions are always valid for this user.

There are the following permissions:

read, write, delete

 

Activities

The KM standard configuration contains a number of users as predefined system principals, including service users for the subscription service and the index management service. You do not normally need to modify the configuration.

To specify system principals and their permissions, choose Content Management  ® Utilities  ® System Principals.

 

Caution

Like other users, groups, and roles, the KM system principals need to have been defined in the portal user management. The name of the system principal needs to be identical to the user name in the portal user management.

 

Example

Permissions for an Administrator Role

Authorized to Change Resource Permissions = activated

Unlock Permission                         = activated

Resource Permissions                      = write, read, delete

 

Permissions for index_service User

Authorized to Change Resource Permissions = deactivated

Unlock Permission                         = deactivated

Resource Permissions                      = read

 

 

Leaving content frame