
Read only rights in a content server

Former Member
0 Kudos

Hello, we have a content server which we can access from 2 different SAP systems.

Now we want to secure the content server so that read/write access is only possible from SAP system A, and from SAP system B we would like to have only read access.

Working with certificates has not given any solution so far.

From the moment we submit a certificate from server B, we can do read/write towards the content server.

Removing the certificate in CSADMIN on SAP system B will prevent reading of the content server.

We run Contentserver 6.40 in an AIX 5.3 / MaxDB 7.6 environment with adminsecurity in cs.conf set to 1.

Regards, Danny

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

Configure DefaultDocProt in Content Resp Setting in Tcode - CSADMIN

Name: DefaultDocProt

Type: Character

Default setting: ""

Values: {r c u d} r - Read, c - Create, u - Update, d - Delete

Mandatory: no

Description: DefaultDocProt determines document access protection for this repository. The default value for the security level can be overwritten when this document is stored. As the default value is usually used, however, this parameter is relatively unimportant. This parameter mainly influences whether or not a signature is required for creating a document.

Former Member
0 Kudos

Hello,

The parameter restricts the repository access from any system.

I am looking for a possibility to restrict the access depending on which system goes to the repository. E.g. if you work with SAP system A you may create and update the repository; if you work with SAP system B (which is a copy of system A), you may only read the repository.

Former Member
0 Kudos

In SAP System A

Go to CSAdmin transaction code.

Select the content repository

Select settings tab

Define

DefaultDocProt as r c u d

similarly

In SAP system B

Go to CSAdmin transaction code.

Select the content repository

Select settings tab

Define

DefaultDocProt as r

By doing this, if we work in SAP system A we can create and update, and if we work in SAP system B we can only read the content which had already been created.

Former Member
0 Kudos

Hello,

This will not work. In CSADMIN the settings tab is no more than the file cs.conf on the Apache server. CSADMIN reads this file and updates it.

If we do this from 2 different systems, the only result is that system A will update this file, when you then make the change with system B, it will read the cs.conf file (just changed by system A) and change the entry again.

The cs.conf file has entries per repository name, not repository and accessing system.

In the example below the DefaultDocProt parameter gets constantly updated:

[ContentServer]
TraceLevel=warning
AdminSecurity=0
AdminSecurityGroup=sapsys
ContRepRoot=/application/plpcs/contrep
ContentStorageHost=tastr057
ContentStorageName=SDB
StorageDriver=SAPDBStorage
PSEDir=/application/plpcs/security

[contRep-ZSTR057]
ContentStorageHost=localhost
ContentStorageName=SDB
Storage=ContentStorage.dll
Security=1
DefaultDocProt=r
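The behaviour described in the post above, as an added example that is not part of the original thread and not SAP code: a small Python model of two CSADMIN saves against the same cs.conf. The sample file is constructed from the sections quoted above, and the helper names (`set_doc_prot`, `doc_prot`, `repositories`) are hypothetical; the model assumes a settings save simply rewrites the repository's `DefaultDocProt` key, as the poster describes.

```python
import configparser
import io

# Constructed sample, trimmed from the cs.conf quoted in the post above.
CS_CONF = """\
[ContentServer]
AdminSecurity=0
ContRepRoot=/application/plpcs/contrep

[contRep-ZSTR057]
ContentStorageName=SDB
Security=1
DefaultDocProt=r
"""

def _load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case exactly as written in cs.conf
    cp.read_string(text)
    return cp

def set_doc_prot(text, repo, value):
    """Model of a CSADMIN settings save (assumption): rewrite the single
    DefaultDocProt key of the repository section and return the new file."""
    cp = _load(text)
    cp["contRep-" + repo]["DefaultDocProt"] = value
    out = io.StringIO()
    cp.write(out, space_around_delimiters=False)
    return out.getvalue()

def doc_prot(text, repo):
    """Repository-wide DefaultDocProt as a set of flags (r, c, u, d)."""
    raw = _load(text)["contRep-" + repo].get("DefaultDocProt", "")
    return set(raw.replace(" ", ""))

def repositories(text):
    """Repository names with a section; the file has no per-caller scope."""
    prefix = "contRep-"
    return [s[len(prefix):] for s in _load(text).sections() if s.startswith(prefix)]

if __name__ == "__main__":
    conf = set_doc_prot(CS_CONF, "ZSTR057", "r c u d")  # saved from system A
    conf = set_doc_prot(conf, "ZSTR057", "r")           # then saved from system B
    # One section, one value: whichever system saved last decides for both.
    print(repositories(conf), sorted(doc_prot(conf, "ZSTR057")))
```

Whatever order the two saves happen in, the file ends up with one `DefaultDocProt` line per repository, so the value cannot differ by calling system.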

Former Member
0 Kudos

Have you tried it?

Do the changes in CSAdmin Tcode in both SAP systems.

When you use SAP System A, the configuration file will be

contRep-ZSTR057

DefaultDocProt=

And when you use SAP system B, the configuration file will be automatically updated to

contRep-ZSTR057

DefaultDocProt=r

Former Member
0 Kudos

Yes, this has been tried.

When you have updated with system B, the content looks like

contRep-ZSTR057

DefaultDocProt=r

If you then go to system A and look into CSADMIN, you also see

contRep-ZSTR057

DefaultDocProt=r

You could change this on system A to, for example,

contRep-ZSTR057

DefaultDocProt=ruc

If you then go to system B in CSADMIN, you will also see

contRep-ZSTR057

DefaultDocProt=ruc

The CSADMIN settings are stored in the file on the content server (Apache part) and not in SAP.

We were hoping that with the certificates we could do something.

But as far as I can tell after all the tests we have done, a content server stands on its own, and the only link it has to identify systems is via a certificate.

I have a user who says he has done this kind of test on another environment we have and there he was successful, but we cannot repeat the test, nor does the user know how he had set it up.

That is why I am asking how this could be done.

Former Member
0 Kudos

How could you solve this? We have a similar requirement.

Former Member
0 Kudos

Hello,

We have the same requirement since we made a system copy and do not wish to double the content repositories.

Could you share how you solved it?

Thanks