cancel
Showing results for 
Search instead for 
Did you mean: 

ACL Inheritance in DMS

Former Member
0 Kudos

Hello DMS experts,

Scenario:

Folder 1(Created by ABC user)---XYZ user is not authorized (by creating ACL in folder with NoAutho as activity for XYZ )

Document 1(Created by ABC user)--A new document checked into this Folder1.

Issue:

According to inheritance, this document is suppose to carry the ACL authorization from Folder 1, but currently unless we create the ACL manually (By navigating to Authorization tab in the document properties, and clicking on "Create Admin Authorization")these inheritance is not copied to the document automatically. If this is standard SAP behavior, then what is the use of Inheritance?. (Registry key AutoInheritedAuth=1 maintained)

It is practically not possible to manually create these ACL for all sub folders and documents when they are created.

Need your suggestion/clarification on this....

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Maintaining Registry key AutoInheritedAuth=1 at both Machine & User level would solve this issue.

former_member188883
Active Contributor
0 Kudos

Hi Raghav,

Option 1

u2018ACO_SUPERu2019 is the only PFCG object for working with ACLs in SAP Easy Document Management.

PFCG roles (objects) and ACLs are independent of each other. If both PFCG objects and ACLs are maintained, the system takes both of them into account, but PFCG roles are given preference.

Option 2

you can use Folder and Inheritance of ACL. You create the folder for each user group and create ACL authorization for them. You don't give ACO_SUPER for the users. When they create a new DIR, they have to assign superior document for this DIR. If an user doesn't belong to a Folder, he can't access DIR in there. With this solution you can use Document Type, Status and ACLs to restrict authorization.

Regards,

Deepak Kori

Former Member
0 Kudos

Hello Deepak,

Option 1:

My question is related only to Inheritance of ACL authorization and lets assume that PFCG objects are in line with it.

Option 2:

Lets say, I have Folder1 with 10 documents inside, I have not assigned ACO_SUPER for ABCD user and ACL is created for Folder1 with "NoAutho" to ABCD user to this folder. ABCD user is authorized to access this Folder1 and its documents as per the PFCG objects.(Hence, my requirement is, according to PFCG roles the user is authorized for relevant document types and objects but i want to restrict the user only to certain folder and its documents using ACL)

1. What is the need of assigning superior document, when the definition of inheritance itself says that properties of superior folder is copied to child items?

2. Those 10 documents are visible to ABCD user or not?.

*Currently only the folder is not displayed to user, wherein if the user searches the documents, it is visible. If we manually create ACL in the properties of each of these documents, then it copies the ACL (from inheritance) and stops displaying to user even in search (which is desired). Hence, the only issue here is, copying of inheritance ACL automatically.