Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Anonymous user want access to an iview of the portal

Hello,

I have a problem with the security in portal. The fact is I want an anonymous user access to an iView. For that I do it :

- I created an iView with visual composer which call an alias of a java web service declared in system administration,

- I add an anonymous user group in the permission properties (End user is checked) of the iView

- I add an anonymous user group in the permission properties (End user is checked) of web service alias

When i execute iView with a direct URL, I can see the iView but I can execute an action which call an web service alias. When I look at defaultTrace.trc in Log Viewer (Visual Administrator), I have this message :

com.sapportals.portal.prt.runtime.PortalRuntimeException: Access is denied: com.sap.visualcomposer.vcbroker - user: Guest,

This iView works fine with an logged user. Could you tell me if I forget something when I give permission to an anonymous user ?

Sorry for my english _

Best regards

Former Member
Former Member replied

Francois,

See sap Note # 985983

Symptom

An anonymous portal user is trying to run a Visual Composer Flash iView but discovers that this activity is not possible.

Reason and Prerequisites

The action of running a Visual Composer Flash iView activates a direct Portal component; when run by an anonymous user it exposes the backend systems to non secure activities.

Solution

No workaround is available as the workaround will expose the security described issue.

Mr.Chowdary

0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question