Hi,

We are splitting the company in two but keeping a single instance of our systems for now. Earlier we didn't give special access rights to the different folders in DMS, it was basically admin, display or nothing to the entire DMS.

Now we need to split the authorizations for the two companies. My idea was to create two new folders under the top node and move the respective folders/documents into those two new folders. Using ACL to give noAuth on top level and Admin-rights for the two different new folders by connecting two new user roles attached to the users of respective company.

I have tested the setup in a sandbox and it seems to work. When testing I gave noAuth on top level and added my new roles on two different documents and then tested with my two users. All was fine.

Then I created my new folders for the respective company, and gave Admin rights (using roles) for my test users. User A for Folder A and user B for folder B. My idea are that User A will have access using Admin on Folder A but noAuth on folder B inherited from top node.

But when I tried to access other documents in those folders, I got an unexpected result. I could access all documents despite folder.

I see in the authorization tab that there are no authorizations at all, not even the inherited ones. Not until I click the Create Admin authorization button in the explorer interface or create a document specific authorization in SAP GUI. Then I get the inherited authorizations.

We have tens of thousands of documents in the DMS. It cannot be necessary to go into every document and create a document specific authorization to get this inheritance working? Or is it? Isn´t there a report och something that can set this up for me? We cannot be the first company deciding to switch on ACL authorizations after some years work in the system. Please tell me SAP has a function for this?!

kind regards,

Glenn