on 06-25-2008 1:04 PM
Hello, we have a content server which we can access from 2 different SAP systems.
Now we want to secure the content server so that read/write access is only possible from SAP system A, and from SAP system B we would like to have read access only.
Working with certificates has not given any solution so far.
From the moment we submit a certificate from server B, we can do read/write towards the content server.
Removing the certificate in CSADMIN on SAP system B will prevent reading of the content server.
We run Contentserver 6.40 in an AIX 5.3 / MaxDB 7.6 environment with adminsecurity in cs.conf set to 1.
Regards, Danny
Configure DefaultDocProt in Content Resp Setting in Tcode - CSADMIN
Name: DefaultDocProt
Type: Character
Default setting: ""
Values: {r c u d} r - Read, c - Create, u - Update, d - Delete
Mandatory: no
Description: DefaultDocProt determines document access protection for this repository. The default value for the security level can be overwritten when this document is stored. As the default value is usually used, however, this parameter is relatively unimportant. This parameter mainly influences whether or not a signature is required for creating a document.
Hello,
The parameter restricts the repository access from any system.
I am looking for a possibility to restrict the access depending on which system goes to the repository. E.g.: if you work with SAP system A you may create and update the repository; if you work with SAP system B (which is a copy of system A), you may only read the repository.
In SAP System A
Go to CSAdmin transaction code.
Select the content repository
Select settings tab
Define
DefaultDocProt as r c u d
similarly
In SAP system B
Go to CSAdmin transaction code.
Select the content repository
Select settings tab
Define
DefaultDocProt as r
By doing this,
if we work in SAP system A we can create and update, and
if we work in SAP system B we can only read the content which has already been created.
Hello,
This will not work. In CSADMIN the settings tab is no more than the file cs.conf on the Apache server. CSADMIN reads this file and updates it.
If we do this from 2 different systems, the only result is that system A will update this file; when you then make the change with system B, it will read the cs.conf file (just changed by system A) and change the entry again.
The cs.conf file has entries per repository name, not repository and accessing system.
In the example below the DefaultDocProt parameter gets constantly updated
[ContentServer]
TraceLevel=warning
AdminSecurity=0
AdminSecurityGroup=sapsys
ContRepRoot=/application/plpcs/contrep
ContentStorageHost=tastr057
ContentStorageName=SDB
StorageDriver=SAPDBStorage
PSEDir=/application/plpcs/security
[contRep-ZSTR057]
ContentStorageHost=localhost
ContentStorageName=SDB
Storage=ContentStorage.dll
Security=1
DefaultDocProt=r
Yes this has been tried.
When you have updated with system B and the content looks like
contRep-ZSTR057
DefaultDocProt=r
If you then go to system A and look into CSADMIN, you see also
contRep-ZSTR057
DefaultDocProt=r
You could change this, for example on SYSTEM A, to
contRep-ZSTR057
DefaultDocProt=ruc
If you then go to system B in CSADMIN you will also see
contRep-ZSTR057
DefaultDocProt=ruc
The CSADMIN settings are stored in the file on the content server (Apache part) and not in SAP.
We were hoping that with the certificates we could do something.
But as far as I can tell after all the tests we have done, a content server stands on its own, and the only link it has to identify systems is via a certificate.
I have a user who says he has done this kind of test on another environment we have and there he was successful, but we cannot repeat the test, nor does the user know how he had set it up.
That is why I am asking how this could be done.
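The behaviour described in the last two replies, modelled as an added example (not code from any poster or from SAP): cs.conf holds one DefaultDocProt per repository section, so a change made from either system replaces the other's. The sample file is a constructed reduction of the excerpt above, and `admin_write` and `simulate` are hypothetical helpers.

```python
import configparser
import io

# Constructed sample, reduced from the cs.conf excerpt quoted in the thread.
SAMPLE_CS_CONF = """\
[ContentServer]
AdminSecurity=0

[contRep-ZSTR057]
Security=1
DefaultDocProt=r
"""

# Flag letters as listed in the parameter description quoted in the thread.
FLAGS = {"r": "read", "c": "create", "u": "update", "d": "delete"}


def load(text):
    cp = configparser.ConfigParser()
    cp.optionxform = str  # keep key case exactly as written in cs.conf
    cp.read_string(text)
    return cp


def doc_prot(text, repo):
    """Decode DefaultDocProt for one repository into operation names."""
    raw = load(text).get(f"contRep-{repo}", "DefaultDocProt", fallback="")
    return [FLAGS[c] for c in raw if c in FLAGS]


def admin_write(text, repo, value, sap_system):
    """Model of a settings change made from one SAP system (assumption).

    sap_system has nowhere to be stored: the file is keyed by repository
    section and option name only, so it is deliberately unused.
    """
    cp = load(text)
    cp.set(f"contRep-{repo}", "DefaultDocProt", value)
    buf = io.StringIO()
    cp.write(buf, space_around_delimiters=False)
    return buf.getvalue()


def simulate():
    conf = admin_write(SAMPLE_CS_CONF, "ZSTR057", "rcud", sap_system="A")
    after_a = doc_prot(conf, "ZSTR057")
    conf = admin_write(conf, "ZSTR057", "r", sap_system="B")
    after_b = doc_prot(conf, "ZSTR057")
    # One entry survives; whichever system wrote last decides it for both.
    return after_a, after_b, conf.count("DefaultDocProt=")
```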