Propagation of ACLs 
Use
This report allows you to propagate the ACL for a resource (document or folder) 1:1 to other folders and their contents or to individual documents.
Prerequisites
You are using the ACL security manager delivered by SAP for the repositories that the resources are located in.
We recommend creating a file in advance, assigning the required permissions to it, and using this file as a template (ACL Template Resource).
Features
You can use this report to perform the following operations:
● Assign new ACLs
● Overwrite existing ACLs with a new ACL
● Merge existing ACLs with a new ACL
● Merge inherited ACLs with a new ACL
● Delete existing ACLs
You can configure the following settings for this report.
Scope tab
Parameter |
Description |
Location |
Specifies the folders to which you want to propagate the ACLs. |
Maximum Results |
The system terminates the search when it has found the corresponding number of items. The entry -1 signifies all items. |
Parameters tab
Parameter |
Description |
ACL Template Resource |
Specifies the path of a normal resource in KM (document or folder), whose ACL settings are to be propagated to other resources. You can also call this resource the ACL template. |
Merge with existing ACLs (overwrite if unchecked) |
If this parameter is activated, existing ACLs are merged with the entries in the ACL template. If this parameter is deactivated, existing ACLs are overwritten by the entries in the ACL template. |
Merge with inherited ACLs |
In the folder hierarchy of a KM repository, permissions are inherited by subordinate folders from superordinate folders. Therefore, an item in a folder must not have its own ACL, but inherits the permissions of the superordinate folder. If this parameter is activated, the ACLs for the superordinate folder are propagated to the target you have defined (Location) and merged with the ACLs in the ACL template. The resulting “merged“ ACL consists of the inherited permissions and the permission in the ACL template. This parameter is only taken into account if the Merge with existing ACLs parameter is selected and inherited permissions exist. |
Deep Propagate |
If this parameter is activated, the ACLs are propagated to all resources in all subfolders for the selected target folder (Location). If this parameter is deactivated, the ACLs are propagated only to the items (resources and folders) directly in the selected target folder and to the target folder itself. |
Show ACL Details |
If this parameter is activated, the system displays detailed information about the ACLs for a resource. In the detailed information, you can find the permission owners and the assigned permissions. If this parameter is deactivated, the system displays only default information. Do not activate this parameter if a large number of permissions are assigned for resources, because displaying the details can negatively impact performance and you can lose track of the permissions. |
Commands tab
Command |
Description |
Perform ACL Operations |
The command performs the required ACL operations. If you select the target directories and the parameters and then choose Start to run the report without activating this command first, the system first scans all resources and displays an overview of the resources and the planned operations. On the overview, you can exclude specific resources that the report should not take into account. Then select the command and start the report again. However, if you select this command and choose Start to run the report, the ACL operations defined are performed immediately. You cannot make any further changes. If you activate the Use inherited ACL where possible parameter, the report checks the existing ACLs in the superordinate folders, whose ACLs are passed on by default. If the resulting ACL matches the ACL that is passed on from a superordinate folder, the report does not create a new ACL or delete the existing ACL, but continues to use the principle of inheritance. |
You can also use the report to delete ACLs. To do this, you choose a resource that does not have any ACLs as the template. You then run the report for the resources whose ACLs are to be deleted.
Activities
To propagate or delete ACLs, proceed as follows:
...
1. Launch the report. In the portal, choose Content Administration ® KM Content ® Toolbox ® Reports ® Security ® Propagation of ACLs.
2. Choose Start and specify a name for the report.
3. On the Scope tab, you choose the target, this is generally a folder containing resources to which you want to propagate the ACLs in the template.
4. On the Parameters tab, you enter the ACL template and choose further parameters.
5. Go to the Commands tab and choose Start. The system performs a check. The results of the check contain a summary of the planned operations. You can check them and make any necessary corrections.
6. Go to the Commands tab again and select the Perform ACL Operations command. Choose Start to run the report.
The results contain a detailed summary of the executed operations.
Note that the report can impact performance if too many documents are processed.
See also:
Permissions in KM Repositories