Configuring Security and Repository
Managers
Use
A single Knowledge Management (KM) Application Server (AS) Java system may be used by several CAF AS Java systems. Each of the CAF systems needs the following items to be set up on the KM system:
1. An instance of a CAF Security Manager.
2. An instance of a CAF repository.
3. An instance of a Content Management (CM) repository.
The CAF repository contains a view of the business entities and their instances in the CAF system. It does not contain the actual business entities instances. Instead, the CAF system is dynamically queried for them using the CAFDataService Web service.
The CM repository is a regular KM document repository. It is used to store the documents (represented by instances of the business entity Document) that are attached to entity instances.
The security manager is used to check permissions for access to the documents in both of the repositories. To determine the permissions it queries the CAF system using the CAFDataService Web service.
A CAF system accesses its corresponding KM system repositories using the KMBaseService, KMNodeService and KMRelationSvc Web services.
Prerequisites
· You have logged on to the KM with http://<host>:<port>/irj
Remember to replace <host> and <port> with the machine name of the portal you are using.
· You have navigated to System Administration → System Configuration → Knowledge Management →Content Management → Repository Managers.
Procedure
Configuring Repositories on the KM System
You need to create a new set of repositories and security managers. By default, one set of repositories and a security manager (for one CAF system) is present on the KM system. The set is:
● Security manager: CAFSecurityManager
● CAF repository: /caf
● CM repository: /documents_xapps
If you want to use the KM system with more than one CAF system, you need to create a new set of repositories and a security manager.
1. To create a new CAF Security Manager instance, navigate to System Administration → System Configuration →Knowledge Management → Content Management →Repository Managers and choose Show Advanced Options → Security Manager → CAF Security Manager.
2. Choose New and enter the following properties:
Property |
Value |
Name |
Enter an appropriate name. For example: CAFSecurityManager-<System_ID>, where <System_ID> is the name of the CAF system. |
3. To create a new CAF repository instance, navigate to System Administration → System Configuration →Knowledge Management → Content Management →Repository Managers → CAF Repository
4. Choose New and enter the following properties:
Property |
Value |
Name |
Enter an appropriate name. For example: caf-<System_ID>, where <System_ID> is the name of the CAF system. |
Prefix |
Enter the prefix under which this repository resides in the common KM content directory tree. For example: /caf-<System_ID>, where <System_ID> is the name of the CAF system. |
Repository Services |
Select the properties service. |
Security Manager |
Select the CAF Security Manager you have created. |
List of objects that are editable via the CAF object editor |
If the value of this property is not prefilled then enter sap.com/caf.core/Document. |
5. To create a new Content Management (CM) repository instance navigate to System Administration → System Configuration →Knowledge Management → Content Management →Repository Managers → CM Repository, select the document_xapps repository (the default one) and choose Duplicate. Enter the following properties:
Property |
Value |
Name |
Enter an appropriate name. For example: documents_xapps-<System_ID>, where <System_ID> is the name of the CAF system. |
Prefix |
Enter the prefix under which this repository resides in the common KM content directory tree. For example: /documents_xapps-<System_ID>, where <System_ID> is the name of the CAF system. |
Repository ID in the Database |
Enter an appropriate unique ID. For example: documents_xapps-<System_ID>, where <System_ID> is the name of the CAF system. |
Security Manager |
Select the CAF Security Manager you have created. |
To activate the new set of repositories and their security managers, restart the KM on the AS Java.
Configuring a Set of Repositories and a Security Manager for Use by a Specific CAF System
Before you start, make sure you have created a new set of repositories and a security manager for the specific CAF system, or use the default set (suitable if there is only one CAF system that is using the KM system).
...
1. To configure the CAF Security Manager Instance, navigate to System Administration → System Configuration →Knowledge Management → Content Management →Repository Managers and choose Show Advanced Options → Security Manager → CAF Security Manager, select the instance of the CAF Security Manager of the currently configured CAF System and choose Edit.
2. Configure the following properties:
Property |
Value |
URL of CAF Web service |
This is the URL of the endpoint of the CAFDataService Web service on the CAF system. The value must be: http://<host>:<port>/CAFDataService/Config?style=rpc_enc, where <host> is the host name or IP address of the CAF system and <port> is its HTTP port; For example: http://CAF-host:50000/CAFDataService/Config?style=rpc_enc. |
3. You may change the following properties but we recommend that you leave them with their default values:
Property |
Value |
List of users with full access |
This is a list of users that are given full access to the CAF and CM repositories, which are assigned to this security manager (for example, the security manager never queries the CAF system for these users). The list contains user names, separated by semicolons (;); no extra spaces or a final semicolon should be present. The user name cmadmin_service (the default value) must always be present in this property. |
List of users with read-only access |
This is a list of users that are given read only access to the CAF and CM repositories, which are assigned to this security manager (for write access, the security manager queries the CAF system as usual). The list contains user names, separated by semicolons (;); no extra spaces or a final semicolon should be present. The user names index_service and subscription_service (the default value) must always be present in this property. |
List of invisible business objects |
This is a list of business entities, which are not available on KM, but in the document or CAF repository. The business entity sap.com/caf.core/Document (the default value) must always be present in this property. |
You may put the user that you use to administrate the KM system in the list of users with full access. Then navigate to Content Administration → KM Content and inspect the CAF and KM repositories without being subject to the security settings of the CAF system.
4. To configure the CAF Repository Instance, navigate to System Administration → System Configuration →Knowledge Management → Content Management →Repository Managers → CAF Repository, select the CAF Repository Instance for the currently configured CAF System and choose Edit.
Property |
Value |
URL of the CAF Web service |
This is the URL of the endpoint of the CAFDataService Web service on the CAF system. The value must be: http://<host>:<port>/CAFDataService/Config?style=rpc_enc, where <host> is the host name or IP address of the CAF system and <port> is its HTTP port; For example: http://CAF-host:50000/CAFDataService/Config?style=rpc_enc. |
List of templates that are used in display name generation |
This defines the display name of a KM resource. Entries in the list are separated by a semicolon. Each entry consists of a name-value pair that contains the full qualified object name and the template that is used for display name generation. For example: sap.com/caf.tests/Course=Description: "<description>" (created by: "<createdBy>");sap.com/caf.tests/Student=Title: "<title>") For the property value sap.com/caf.tests/Course=Description: “<description>”(created by “<created by>”);” a resource name will be displayed. |
Configuring KM Permissions
1. Go to System Administration → Permissions → Portal Permissions → Security Zones → com.sap.caf.
2. With the secondary mouse button, select DefaultSecurity and choose Open Permissions.
3. Verify that the group Everyone is included in the Assigned Permissions table, if not add it with the following parameters:
Name |
Administrator |
End User |
Description |
Everyone |
None |
Activated |
Built-in Group Everyone |
4. Choose Save