cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to restrict users to access the files directly from /irj/go/km/docs/doc

Go to solution
Former Member

on ‎05-15-2009 3:49 PM

0 Kudos

Dear Experts,

I have made a folder in KM where I have saved some files, and also I have made a application from where user can access those files.

But the users are able to access the files by directly typing the path of the file in internet explorer, I have to restrict it that the user should not be able to access the files directly.

Please give your helpful suggestions.

Warm Regards

Upendra Agrawal

Edited by: Upendra Agrawal on May 15, 2009 4:49 PM

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member206159
Active Contributor
‎05-17-2009 5:09 AM
0 Kudos

Hi Upendra,

A user can see the KM documents only if he have atleast read permission to that document.

Generally we give permissions to the folders where your documents stored. The documents inherits the properties of its parent folder.

We can give permissions to a folder as users, groups or roles.

check your KM folders permissions. go to the context menu of your folder Details->settings->permissions

There remove all the roles and groups and users. and give to the permisson to the people who needed

If role is added then people who assigned to that role will automatically view all the docs

Similar with the case of groups also.

Hope it will help you.

Raghu

Show replies
Show replies
Former Member
‎05-18-2009 8:33 AM
0 Kudos

Dear Experts,

I have given the read permission to a group of people whom i wish to show the pdf document,

but my problem is that, I do not want the user to access those file from the URl the path of the document, i want them to view the document from my application,

If I remove the permissions, the user wont be able to view the files from my application too.

Please suggest.

Warm regards

Upendra Agrawal

Former Member
‎05-18-2009 10:07 AM
0 Kudos

That's by design. Access privileges are checked no matter how the resource is accessed. Everything else would be a big potential security hole.

Best regards, Julian

former_member206159
Active Contributor
‎05-18-2009 10:49 AM
0 Kudos

Hi Upendra,

If the end user knows the url of the KM document and if he has atleast read permissions then he can access directly. we cannot stop him to do so in standard procedure.

Raghu

Former Member
‎05-19-2009 6:25 AM
0 Kudos

Dear Experts,

Is seems that its my design issue that the users are able to see the path of the document, but can you please tell me what is the standard or the secure process/design,

from which I may show documents to users

Request you to please suggest.

Warm Regards

Upendra Agrawal

Former Member
‎05-19-2009 6:52 AM
0 Kudos

Hi Upendra:

If your requirement is to provide access to a Single document, go for KM Document iView which is nothing to do with the user permissions. This will never allows a user to know the path of the document.

Or if you want to give access to a 'Folder(s) & Files', then you know what others have answered.

By the way, what is your application??

Thanks,

MS

Former Member
‎05-20-2009 8:15 AM
0 Kudos

Dear Experts,

my Application is to show a different document(pdf file) to differedt users(based on their employee code),

so it is not feasible for me to make the KM Iview.

So how should I make my application that the users may view/download the link without know the URL.

Warm Regards

Upendra Agrawal

Former Member
‎05-20-2009 1:42 PM
0 Kudos

Hello,

You can have a link/button react to a mouse clic by reading the KM document and putting it on the htpp flux with the correct header (this is the same kind of code that is used when you generate the pdf). As the file access is in you server-code, user will not have access to the URL...

an exemple for the WD Java (coming from this [PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0cc41cb-9576-2b10-99a6-ab90ef28c73b]), with slight modifications :

public void exportToPDF( ) {
   //@@begin exportToPDF()
   ByteArrayOutputStream outputStream = null;

   outputStream = new ByteArrayOutputStream();
   // read the file with KM API and copy it to the outputStream
     ...
   //
   showPopUp(WDWebResourceType.PDF, outputStream, "PDF Out Put");
   outputStream.close();
//@@end
}

regards

Guillaume

Former Member
‎05-20-2009 1:43 PM
0 Kudos

Hello Upendra,

I suppose users are accessing the files directly using /irj/go/km/docs/<path_to_document> URL.

This will call a KM Document iView from the Standard User Role

(pcd:portal_content/every_user/general/eu_role). If you wish to stop users from accessing documents like that, remove the KM Document iView from it or change its Authentication Scheme.

However be aware that this could bring bigger problems, since it's like a default/general point

of access to documents, removing or restricting this access may prevent users from seeing

every image you got into your portal for example.

Also, it's possible to display different documents based on user id, you could create

these pdf files into /userhome

then create a KM Document iView linking to

/alias/userhome/<user.id>/documents/file.pdf

regards,

Rafael

Former Member
‎05-21-2009 8:24 AM
0 Kudos

Dear Rafael,

Please tell me more about userhome.

Where I can find more details on it like , how to use, when to use, where to use etc etc.

Regards

Upendra Agrawal

Former Member
‎05-21-2009 12:11 PM
0 Kudos

Hello,

/userhome is a folder under KM /root. It's used to store personal

data for users, for example, wastebasket, favorites.

cmadmin_service automatically creates new folders as users are

logging on and using KM features.

There is also a standard entry point "Personal Documents" that you could

use which links to a folder into userhome

You can find some more info here:

http://help.sap.com/saphelp_nw70/helpdata/EN/75/85fd3f093bc942e10000000a1550b0/frameset.htm

Answers (4)

Answers (4)

former_member213219
Participant
‎05-18-2009 9:59 AM
0 Kudos

If user is having access URL (the path of the file), he will be able to access i.e. we cannot stop him to access the file directly.

But I am not able to get how user will get this URL as he will not be having access to

Content Administration --> KM Content to find the URL for doc.

Only developers can access the doc through URL as we can go inside the properties of required doc and there we can get the URL.

Please let us know if your issue is resolved...

Show replies
Show replies
LJB
Contributor
‎05-16-2009 9:27 PM
0 Kudos

Hi Upendra,

You need to define strict ACLs on your content so that it is only visible to whatever users, groups or roles you wish to see it, see SAP note 599425.

Then if a user doesn't have at least read permission on a file/folder they will not be able to view it, regardless of whether they know the URL or not.

Regards,

Lorcan.

Show replies
Show replies
vishal_gupta15
Contributor
‎05-15-2009 5:07 PM
0 Kudos

Hi Upendra,

This URL is define at following path go to Context menu of the file then follow

Details -> Properties -> Access Link -> Target URL .

You need to change this value.

_Vishal

Show replies
Show replies
birojpatro
Contributor
‎05-15-2009 4:32 PM
0 Kudos

Folder permission may work. Not sure though. Just give it a try.

Regards,

Biroj Patro.

Show replies
Show replies
Ask a Question