cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

cFolder authorisation

Former Member

on ‎03-18-2010 7:52 AM

0 Kudos

Hi,

We are using cFolders 4.5 with backend ECC 5.0. Our collaboration folder structure is as follows,

Scenario-1

 Root Folder

 Folder-level1

 Folder-level2

 Folder-level3

Letu2019 s say I have users namely User-1, User-2 & User-3

As per the requirement, User-3 should access only Folder-level3. I donu2019t want user-3 to see all Folders above Folder-level3. But because of system constraint, we need to give authorisation at Collaboration scenario itself to access the documents. Because of this, User-3 will be able to see Scenario-1, Root folder, Folder-level1, Folder-level2 and Folder-level3. Is there any way to restrict the User-3 to view only Scenario-1, Root folder and Folder-level3.

Regards,

Prasanna.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

ulf_petzel
Advisor
Advisor
‎03-25-2010 9:23 AM
0 Kudos

Hi,

so you stated that authorizations are ALWAYS granted on the collaboration level for all users? Why that? In this case of course, all authorizations are inherited top down. Why don't you grant access to USER3 only on level 3?

Maybe what could help you here is to leverage status management. Per default, you would assign a certain status to all objects and folders that is not allowing USER3 to access those objects / folders. Once you want to make an object available to the user3, then you need to switch the status to a status which allows him to see the object.

Regards, Ulf.

Show replies
Show replies
Former Member
‎03-30-2010 4:37 AM
0 Kudos

Dear all,

Status management will not work because it deals only with a given document not a higher level folder.

The contraint in cFolder is, If you want to give authorisation for any level below a scenario, then you must give read authorisation to the users at scenario level. Otherwise, user will not be able to see the scenario in the home page. It implies that authorisation will be inherited from top. My requirement is that i don't want to give authorisation to an user at level-1 and level-2, but he must have admin authorisation at level-3 in a folder structure. When i am trying to remove the authorisation at level-1 and level-2 which was inherited from scenario, level-3 folder is not visible at all. Hope the problem is understood.

Prasanna

Former Member
‎03-30-2010 1:12 PM
0 Kudos

Hi Prasanna,

I did understand what you were asking. Unfortunately, this is the standard behavior and IMHO this does make sense. If the user does not have at least "read" to the higher level folders there is no way for him/her to get at the lower levels. It is something like give somebody a key to a room in a locked house and asking them to access the room without a house key (probably not the best analogy, but that's all I could think of :).

If you explicity overide inherited authorizations to the other objects to "none" in level-1 and level-2, then the user will only see the higher level collaboration and folder. Depending on the number of objects this might require some work.

Cheers,

Lashan

Former Member
‎04-18-2010 6:32 PM
0 Kudos

folder1.1 read

===folder2.1 read

======= folder3 admin

===folder2.2 none

folder1.2 none

Dont keep any docs in the folder1.1,2.1

i guess it is left to your folder hierarchy

Former Member
‎03-18-2010 7:34 PM
0 Kudos

The way you would want to setup the ACL authorization for user 3 would be as follows.

Scenario-1 - READ

 Root Folder - READ (inherited from Scenario-1)

 Folder-level1 - NONE (overide inherited authorization)

 Folder-level2 - NONE (overide inherited authorization)

 Folder-level3 - READ (inherited from Scenario-1)

This way user 3 will not ssee Folder-level 1 and folder-level2. If there are any other documents under root folder which you don't want user 3 to see you will need to explicitly set the local authorization on those documents to none.

Show replies
Show replies
Former Member
‎03-19-2010 8:02 AM
0 Kudos

Hi,

I have given the authorisation in the Scenario and folder in the same way as you mentioned by you. But still the user-3 could see folder level1 and level2. Is there any way we can control this in authoorisation (SU01).

Prasanna

Former Member
‎03-22-2010 10:38 AM
0 Kudos

Maybe in the scenario described is worth exploring the possibilities of notifications. When sending a notification on folder 3, the user receiving the notification will only be allowed to see the contents in this folder (and not the levels above).

See if this suits your requirements for the user 3 usage of the tool...

BR

Neil

Former Member
‎03-24-2010 1:21 PM
0 Kudos

What are the back-end roles assigned to User 3? Does this user have any roles (such as CFX admin roles) which contain authorization object ACO_SUPER? In order to test this out I would create a new user and only assign SAP_CFX_USER and test.

Ask a Question