ACL documentation?

I assume ACL is "access control list". I have seen in mentioned in only a few places and nowhere have I seen any significant documentation about them. Are they create when you grant access for any item?

Hi ,
Role Access List - To enable this you will need to enabled RoleEntityACL component .
1. Navigate to UCM - Administration - Admin Server - Component Manager
2. There select the "here" hyperlink
3. Check the option for System Components
4. Under Disabled component select RoleEntityACL component and enable it .
5. Restart the ucm server and then on the checkin page Role Access List will show up .
Thanks
Srinath

Similar Messages

Issue of ACL

hi Experts,
I am using wcc11.1.1.7, according to Kyle's blog:
https://blogs.oracle.com/kyle/entry/new_security_configuration_flag_ucm_ps3
I finished ACL configuration as the following:
in $domain/ucm/config/config.cfg, added:
UseEntitySecurity=true
SpecialAuthGroups=ACLGroup
AllowQuerySafeUserColumns=true
I restarted ucm server, then user1 checkin a doc with security grp name of ACLGroup, add user2 with RWDA for user access list, but user2 can not search this doc out, what could be the issue for this?
Best regards

Hi ,
I think the problem here is about understanding how ACL's work .
Basically , ACL is not meant to give / revoke security access / privileges for a document on the fly . It is used to tighten security structure by 1 more notch so that security can be applied on item level . This means that an item can be sub-classified among users who share the same security group / roles to the content item .
Please read through the following forum post which illustrates this point : https://forums.oracle.com/thread/1003039?t
Also , go through the ACL Documentation : http://docs.oracle.com/cd/E28280_01/doc.1111/e26692/securityacls.htm#BEIEIHCA
Section : 21.4 Access Control List Permissions
This line captures the core of ACL functionality :
However, users must also satisfy security criteria for access through the Content Server security group and the account (if Accounts are enabled). If any of these security criteria deny a certain permission, users will not have that permission to the content item.
When a user searches for a content item, all three ACL rights fields are combined as an "OR" condition. That result is combined in an "AND" condition with the result of the Security Group and Account fields. The user conducting the search must have Read permission to the security group, to the account (if accounts are enabled), and to at least one of the three ACL fields to be able to find the content item.
Thanks,
Srinath

Creating Restricted area of Website

How do I create the restricted area of website based on weblogic groups, for example whenever enduser invokes the URL in URL bar, I have to pop-up a small window by asking the username and password.. based upon that username I need to indentify which group he belongs to and I have to display that group home page. Live example like what you people are poping up the dialog box for BEA Customers.. to login..
          thanks for your support..


look into the ACL documentation .... it is straightforward and simple.
          u could provide a list of url's that could be accessed by everyone and some
          only by others;
          -Sumanth
          "chandrasekhar patarlapalli" <[email protected]> wrote in message
          news:39e1bf72$[email protected]..
          How do I create the restricted area of website based on weblogic groups, for
          example whenever enduser invokes the URL in URL bar, I have to pop-up a
          small window by asking the username and password.. based upon that username
          I need to indentify which group he belongs to and I have to display that
          group home page. Live example like what you people are poping up the dialog
          box for BEA Customers.. to login..
          thanks for your support..

Documentation on what the ACLs in the File Realm are?

Howdy,
I've been looking through the WL 6.0 security documentation, and for the life
of me I can't find a list of what all of the different ACLs that are listed in
the fileRealm.properties file are, (acl.modify.weblogic.jndi.weblogic.qa=everyone,
etc...) and what each one's role (pardon the pun) is. Granted most are blantantly
obvious just by their name, but some are a bit vague.
I know this info was clearly stated in the WL 5.1 docs, but I just can't seem
to find it in the 6.0 docs. Anyone know where I can find documentation about what
all of the ACLs in the FileRealm are?
Thanks!

Let me know if this helps
http://e-docs.bea.com/wls/docs60/adminguide/cnfgsec.html#1053055
There is a section on defining acl's
Brian Ploetz wrote:
Howdy,
I've been looking through the WL 6.0 security documentation, and for the life
of me I can't find a list of what all of the different ACLs that are listed in
the fileRealm.properties file are, (acl.modify.weblogic.jndi.weblogic.qa=everyone,
etc...) and what each one's role (pardon the pun) is. Granted most are blantantly
obvious just by their name, but some are a bit vague.
I know this info was clearly stated in the WL 5.1 docs, but I just can't seem
to find it in the 6.0 docs. Anyone know where I can find documentation about what
all of the ACLs in the FileRealm are?
Thanks!

ACL's messed up, I think

I recently made the mistake of using SuperDuper (great program, just not Leopard ready) to make backups of my system since that first week in November after installing 10.5. Since the sparseimages were getting created, and I wasn't getting error output, I thought all was well. Anyways, I wanted to muck with the partitioning schema, so I made a full backup and then formated my internal hard drive. I booted from dvd and mounted the image, and restored the image. This is when I discovered that super duper didn't have a valid backup, everything data wise was there, but the disk just wont boot no matter what. Anyways, I tossed a spare 500 gig esata disk on, and restored the image to the external disk. I then re-installed leopard to my internal drive and used the migration utility to migrate all of my real system into the new leopard install.
Somewhere along the way, the ACL's got jacked up. After getting the system back booting, a handful of system preference .kexts wouldnt load, Entourage couldn't get access to multiple identities (this is where I got the hint, as it straight out told me permissions were wrong the identities folder and to have a admin move the identities to a location with access. Firefox was all messed up as well. I should have just reinstalled and then just copied my ~ directory over (I thought) but I soon found that chown myusername:myusername (I am the admin too) on the identities folder recursively fixed the entourage, and I just went directory by directory changing ownership by sudo chown.
Anyways, today I noticed that my terminal history wasn't being created using history I got nothing, even after being at the cl for a hour or so.
I decided to sudo chown -R me:me ~, but I know this is not enough, as I cant save a pdf document I want to the symlink at the root of my system hard drive to User Guide and Information.
Also, diskutil repairPermissions /Volumes/myinternaldisk isnt fixing it, as a matter of fact I am getting some output from the command.
septic-mbp:Library nicitaja$ sudo diskutil repairPermissions /Volumes/OSX
Started verify/repair permissions on disk disk0s2 OSX
User differs on "private/tmp", should be 0, user is 501
Group differs on "private/tmp", should be 0, group is 501
Permissions differ on "private/tmp", should be drwxrwxrwt , they are drwxr-xr-x
Permissions differ on "private/var/log/secure.log", should be -rw------- , they are -rw-r-----
Permissions differ on "usr/bin/SetFile", should be -r-xr-xr-x , they are lrwxr-xr-x
ACL found but not expected on "Applications"
ACL found but not expected on "Library"
[ + 0%..10%..20%..30%..40%..50%..60%..70%..80%..90%..100% ]
I've searched and seen that the 10.5.1 update jacked up some permissions (people loosing write ability to items within their own Documents folder) and that said to run the 10.5.1 update manually after downloading it from apple's site manually (vs automated system update at the apple menu). But I didn't have that problem, so I didn't continue exploring those issues. (I have had to do this to a mac in the office where user lost those privileges)
Anyways, could someone give me some pointers on where to globally change owner ship.
I have a TON of macports and fink updates, and I have no problem globally changing ownership recursively on these folders because NO one but me uses them).
its the Mac specific folders I don't have experience with, the standard bsd linux file structure I have experience working with as well. I have no users on my system but me, if some one could save me the time from having to re-install every app into a fresh leopard install, I would be most appreciative.
I just located the User Guide and Information symlink in /Library/Documentation and the folder carried 755 permissions for some reason. I sudo chmod 775 to it and now (well you get the picture, I have the write bit now).
Again, any hints or at least a list of places I can change
i.e.
/Library can be changed to username:username -R and wont mess anything up
/Users .... .....
Thanks

Boot to the Leopard install disk and from the Utilities menu select a user account that needs its ACL's reset.
Then select the reset option at the bottom.
It is done when there is a faded Done button at the bottom and you can select the hard drive and user name again and the reset button is available again.
This only resets the top levels of the user directories but you should be able to use the Get Info window to complete the changes by choosing to apply to enclosed items.

Problem creating Network ACL for a ROLE in Oracle 11gR2

According to Oracle Documentation when you create a new Network ACL you can add privileges to a user or role. I need to create a new ACL for the UTL_SMTP package for a specific role, but when I granted it the users who have that role are still getting the "ORA-24247: network access denied by access control list (ACL)" error when they try to send an email. If I grant the ACL privilege to the same users directly it works fine. Is there any step I'm missing? This is the test I have made on my Solaris 10 - Oracle 11gR2 (11.2.0.3) Standard Edition server:
SQL*Plus: Release 11.2.0.1.0 Production on Wed Aug 21 09:31:52 2013
Copyright (c) 1982, 2010, Oracle. All rights reserved.
SQL> CONNECT system/******@testdb
Connected.
SQL> SET LINES 1000
SQL> SELECT * FROM v$version;
BANNER
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
PL/SQL Release 11.2.0.3.0 - Production
CORE    11.2.0.3.0      Production
TNS for Solaris: Version 11.2.0.3.0 - Production
NLSRTL Version 11.2.0.3.0 - Production
SQL> COLUMN host FORMAT A20
SQL> COLUMN lower_port FORMAT 99999
SQL> COLUMN upper_port FORMAT 99999
SQL> COLUMN acl FORMAT A40
SQL> COLUMN acl FORMAT A40
SQL> COLUMN principal FORMAT A15
SQL> COLUMN privilege FORMAT A10
SQL> COLUMN is_grant FORMAT A8
SQL> COLUMN status FORMAT A10
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
no rows selected
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
no rows selected
SQL> CREATE USER testacl IDENTIFIED BY testacl;
User created.
SQL> GRANT CONNECT TO testacl;
Grant succeeded.
SQL>
SQL> BEGIN
2     dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL',true,'connect');
3     dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
4     commit;
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST                 LOWER_PORT UPPER_PORT ACL
localhost                    25         25 /sys/acls/test_smtp.xml
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
ACL                                      PRINCIPAL       PRIVILEGE IS_GRANT
/sys/acls/test_smtp.xml                  TESTACL         connect    true
After creating this ACL I test it like this:
SQL> CONNECT testacl/testacl@testdb
Connected.
SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
HOST                 LOWER_PORT UPPER_PORT PRIVILEGE STATUS
localhost                    25         25 connect    GRANTED
SQL> DECLARE
2     c utl_smtp.connection;
3 BEGIN
4     c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
5     utl_smtp.helo(c, 'localhost');
6     utl_smtp.mail(c, 'Oracle11.2');
7     utl_smtp.rcpt(c, '[email protected]');
8     utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
9     utl_smtp.quit(c);
10 END;
11 /
PL/SQL procedure successfully completed.
SQL>
This works fine and I receive the email correctly. Now if I try to do the same thing for a role:
SQL> CONNECT system/******@testdb
Connected.
SQL> BEGIN
2     dbms_network_acl_admin.drop_acl('test_smtp.xml');
3     commit;
4 END;
5 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
no rows selected
SQL> CREATE ROLE testacl_role;
Role created.
SQL> GRANT testacl_role TO testacl;
Grant succeeded.
SQL> ALTER USER testacl DEFAULT ROLE ALL;
User altered.
SQL>
SQL> BEGIN
2     dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL_ROLE',true,'connect');
3     dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
4     commit;
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST                 LOWER_PORT UPPER_PORT ACL
localhost                    25         25 /sys/acls/test_smtp.xml
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
ACL                                      PRINCIPAL       PRIVILEGE IS_GRANT
/sys/acls/test_smtp.xml                  TESTACL_ROLE    connect    true
SQL>
And now I test it again with the same user:
SQL> CONNECT testacl/testacl@testdb
Connected.
SQL>
SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
no rows selected
SQL> DECLARE
2     c utl_smtp.connection;
3 BEGIN
4     c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
5     utl_smtp.helo(c, 'localhost');
6     utl_smtp.mail(c, 'Oracle11.2');
7     utl_smtp.rcpt(c, '[email protected]');
8     utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
9     utl_smtp.quit(c);
10 END;
11 /
DECLARE
ERROR at line 1:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 267
ORA-06512: at "SYS.UTL_SMTP", line 161
ORA-06512: at "SYS.UTL_SMTP", line 197
ORA-06512: at line 4
SQL>
I'm aware that role privileges doesn't apply inside procedures, functions or packages by default, but this is an anonymous block so it should use the active roles for the user. I also tried adding a "dbms_session.set_role('TESTACL_ROLE');" at the beggining of the anonymous PL/SQL block but I got the same access error.
Thanks in advance for any help you can give to me on this question, it would be very hard to grant the ACL to all the individual users as they are more than 1000, and we create more regularly.

Thanks for your quick reply... I don't have a problem creating the basic ACL with the privileges granted for a user. The problem appears when I try to create an ACL with privileges for a ROLE. You can see here http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_networkacl_adm.htm#BABIGEGG than the official Oracle documentation states that you can assign the ACL principal to be a user or role:
Parameter
Description
acl
Name of the ACL. Relative path will be relative to "/sys/acls".
description
Description attribute in the ACL
principal
Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
My issue is that when I try to create the ACL for a role it doesn't work.
Have you ever created an ACL for a role? if so please send me an example or let me know which step I might be missing. Cheers.

Storage 7110: ACL being created incorrectly and being modified

I have setup up a share with the following ACLs:
% ls -ldV /home/andrew
drwxr-x--x+180 andrew staff 393 Jun 19 11:57 /home/andrew/
group:Domain Admins:--------------:-------:deny
group:Domain Admins:rwxpdDaARWcCos:fd-----:allow
group:Domain Users:--------------:-------:deny
group:Domain Users:--x-------c--s:fd-----:allow
group:SystemUsers:--------------:-------:deny
group:SystemUsers:rwxpdDaARWcCos:fd-----:allow
owner@:--------------:-------:deny
owner@:rwxpdDaARWcCos:fd-----:allow
group@:-w-p----------:-------:deny
group@:r-x----------s:-------:allow
everyone@:rw-p---A-W-Co-:-------:deny
everyone@:--x---a-R-c--s:-------:allow
group:IISstudentUsers:--------------:-------:deny
group:IISstudentUsers:r-x---a-R-c--s:fd-----:allowbut when I create a new subdirectory from a OpenSolaris client or on the Storage box via the shell I get the new ACL or modified ACL's...
% mkdir /home/andrew/test5
% ls -ldV /home/andrew/test5
drwxr-xr-x+ 2 andrew staff 2 Jun 19 12:00 /home/andrew/test5/
group:Domain Admins:rwxpdDaARWcCos:fdi----:allow
group:Domain Admins:-w-p----------:-------:deny
group:Domain Admins:rwxpdDaARWc--s:-------:allow
group:Domain Users:--x-------c--s:fdi----:allow
group:Domain Users:--------------:-------:deny
group:Domain Users:--x-------c--s:-------:allow
group:SystemUsers:rwxpdDaARWcCos:fdi----:allow
group:SystemUsers:-w-p----------:-------:deny
group:SystemUsers:rwxpdDaARWc--s:-------:allow
owner@:rwxpdDaARWcCos:fdi----:allow
owner@:----dDaARWc--s:-------:allow
group:IISstudentUsers:r-x---a-R-c--s:fdi----:allow
group:IISstudentUsers:--------------:-------:deny
group:IISstudentUsers:r-x---a-R-c--s:-------:allow
owner@:--------------:-------:deny
owner@:rwxp---A-W-Co-:-------:allow
group@:-w-p----------:-------:deny
group@:r-x-----------:-------:allow
everyone@:-w-p---A-W-Co-:-------:deny
everyone@:r-x---a-R-c--s:-------:allowThanks
Andrew

Hi Andrew,
Did you get to a solution with this one. I'm having a bit of fun ?? attempting to configure a 7110 box for windows and solaris access. My workaround has been to grant full root permissions to all and sundry for now (far from ideal).
The inheritence for windows users is the easy bit, as soon as I create files/folders over NFS or add a domain group into the ACL, I run into issues either reading the ACL from the solaris side or indeed accessing the directory.
Have you come across any documentation for solaris/windows interoperability?
Any help/advice appreciated.
Chris

What documentation do I need to set up a second file server?

I have a 10.4 server that used to be my OD master... but I'm setting up a new Mac Pro to be the master (running 10.6) but would like the old 10.4 server to handle some of the network software. I don't mind doing a bit of reading to set this up, but I couldn't find any documentation to help me. The File Server Administration PDF doesn't talk about a second server for AFP or how to get the second server to look up user information on a different server running as the OD Master...
Thanks in advance for any help or direction! (either would be great!)
Kevin

Hi
Launch Directory Access (/Applications/Utilities) on your 10.4 Server, click on the LDAPv3 Plug-in and create a New Entry. Add the fully qualified domain name of your 10.6 OD Master. There's no need to provide authentication unless you're disallowing anonymous binding on your 10.6 OD Master?
Assuming everything is as it should be regarding internal DNS Services and that the 10.4 Server is referencing the correct DNS Server, the 10.4 Server should now be reading from the OD Master's LDAP Database - essentially your Users and Groups. Launch WorkGroup Manager on the 10.4 Server and you should see those Users and Groups.
All of the above absolutely depends on properly working and configured DNS Services. You may want to add an A Record for the 10.4 Server in whatever you've designated as your DNS Server for your private network. Presumably this will be the 10.6 Server? For SSO (Kerberos) Authentication to work properly - assuming this is what you want? All Servers and Clients must be referencing the same NTP Server.
Assuming all has gone well with the 'join', launch Server Admin and click on the Open Directory Service. This should report its role as "Connected to a Directory Service". Now start the AFP Service. Use WorkGroup Manager to define shares and access. I would enable Access Control Lists for volumes you wish to designate shares on. Once enabled restart the 10.4 Server. Use the ACL Permissions Model rather than the POSIX one. Make sure you propagate permissions afterwards. Don't share Volumes. Share folders instead.
You can have as many Servers as you like presenting AFP Shares to as many clients as you like. There is no restriction. Basically it's just another server offering shares. The documentation you've read does not mention multiple servers probably because - no offence intended - it's kind of obvious and fairly straightforward.
HTH?
Tony

Can't set ACL for JSPs

Hi,
          we are trying to set define ACL for weblogic security for JSP
          and could't manage to do it. In the online documentation there
          are examples for servlets but not for html or jsp files.
          How have to be defined the ACLs for jsp and html files ?
          Thanks in advance.
          GRIDSYSTEMS Bartolome Real Planells


See http://www.weblogic.com/docs51/admindocs/properties.html#urlacl for
          details on setting ACLs on URLs...
          Bartolome Real Planells wrote:
          > Hi,
          >
          > we are trying to set define ACL for weblogic security for JSP
          > and could't manage to do it. In the online documentation there
          > are examples for servlets but not for html or jsp files.
          >
          > How have to be defined the ACLs for jsp and html files ?
          >
          > Thanks in advance.
          >
          > -------------------------------------------------------------------
          > GRIDSYSTEMS Bartolome Real Planells

RE: Help needed regarding ACL in weblogic 6.0

Abishek, I've also posted this response to the newsgroup as I think there
has been some discussion about it before without ever a complete answer.
No. You can't use ACLs for servlets or JSPs in 6.0 and later. Prior to 6.0
we used ACLs as there was no standard for servlet or JSP security. In 6.0 we
moved to the J2EE standard of deployment descriptors. I do believe that we
had a documentation bug in 6.0 that said the ACLs continued to work. This
was fixed in 6.1.
-----Original Message-----
I am using weblogic 6.0. I need to authorize servlets, and JSPs. So far,
I am using the deployment descriptors, web.xml and weblogic.xml to
authorize users. However, can ACLs be used to authorize servlets and
JSPs, especially through the admin console of weblogic? All the ACLs I
have made using the admin console have been ineffective in authorizing
and no authentication is asked for.
I would be grateful, if you could throw some light on this matter.
TIA,
abhishek.

Hi,
Were you ever able to find out how to turn debug on for the realm??
Thanks,
Rob
[email protected]
Sam Li wrote:
In weblogic 5.0, to view RDBMSRealm debug information one just need to set "weblogic.security.realm.debug=true" in weblogic.properties file. However, in weblogic 6.0, weblogic.properties file is replaced with Admin Console. I just couldn't find anything in Admin Console that I can set realm.debug=true. Your help will be greatly appreciated!
Sam

ACL - how to (easily) deny access to everthing but home directory

I was trying to set up a very restrictive drop box for users to leave and take files from. I set up a special USER and then thought I could use the ACL's to deny access to the system except for the home directory. From reading the documentation I tried the following
1) at the root level I denied read/write access for USER
2) at the home directory I allowed read/write access for USER
and then I tried to 'remove inherited' ACLs. I can't seem to get this to work. USER is always denied. Any help appreciated

Never mind. I figured out how to do this from the command line using chmod +a to do multiple directories at once. I still don't know why the top level ACL wouldn't propagate to the lower directories but once I did this on the /* directories everything was fine.

Can IFS be set up so that new files inherit the ACL of the folder they are created in

I realise that a file created or saved in IFS takes on the ACL of the User who created it. This is fine if users always save items into the same folders or belong to a single group. However, it causes problems when users need to save different items in many folders, each of which may have different audiences/require different security.
With this in mind, is it possible to set up IFS so that a file inherits the ACL of the folder in which it was created/saved, at creation/saving point?
I'd appreciate any info on this, as have read the documentation and couldn't find any info on it.
Cheers,
Caroline

We are faced the same problem.
So I wrote a script that syncs ACLs of the files and folders they're in only if differs.
I use SQL script that generates ifsshell script and then it is run from the client. See below
The content of aclsync.sql :
set serveroutput on size 1000000
set feed off
set term off
spool aclsync.txt
begin
     dbms_output.put_line('login system/manager');
     for X in (     select
                                   I.object_id, F.acl_id
                              from
                                   ifs_folder_items I,
                                   ifs_folders F
                              where
                                        I.folder_id = F.folder_id
                              and     I.type = 'DOCUMENT'
                              and     F.acl_id != I.acl_id) loop
          dbms_output.put_line('setattr -id '||X.object_id||' acl -avid '||X.acl_id);
     end loop;
dbms_output.put_line('exit');
end;
spool off
set term on feed on
exit
And the content of the batch file that calls above mentioned script and executes its output
sqlplus -s ifssys/ifssys@IFS @aclsync
set PATH=%PATH%;C:\"Program Files"\Oracle\"Oracle 9iFS CmdLine"
ifsshell -i aclsync.txt
Anyway
I'd appreciate some automatic way of doing that.
Regards Vladimir
---

Regarding ACL

Hi All,
I'm an abaper & new to DMS concepts.
.How to use authorizations in DMS & EDMS.Do i need to activate something to see the authorization tab in DMS.
Where can i find these access control lists.I'm Studying this link
(http://help.sap.com/saphelp_erp60_sp/helpdata/en/bd/8063fbbc43c54e901dd7733d946198/frameset.htm).
But couldn't understand some parts regarding Access control Lists.
Any help with a basic example would be appreciated.
Thanks & regards,
Ravi S.

Hi Ravi,
with the upgrade to ECC 6.0 Document Browser and ACL Authorization come as new features in the standard of the Document Management System. You can find a documentation about these new features in the SAP Help
Portal (help.sap.com):
> SAP ERP Central Component > Cross-Application Components > Document Management > Document Management
> Document Browser
> SAP ERP Central Component > Cross-Application Components > Document Management > Document Management > Authorization Objects for Documents > Access Management Using Access Control Lists
For further information also the SAP notes 1062939 and1152180 could be useful too.
Best regards,
Christoph

How to do JAAS and J2EE Deployment Descriptor ACL : Please help

I am trying to develop a Single sign on application using EJB's, JAAS,
ACL, struts and JSP to Log in with a form authenticate (using
j_security_check to hook into the web.xml security) then pull a user
from a database and use the roles defined there for authorization in
the rest of the system?
The examples on the web are from java clients to RMI, they also sit
alone. They dont say how to hook them into weblogic. They say to use
JAAS but they have just JAAS examples! No hooking of it into an EJB,
servlet, etc! They also dont show how to hook that code into web
server to use it as your security module!
What Settings/configuration I need to make in the web server for JAAS
to work. How the logic proceeds to authorization after form is
submitted using j_security_check. and to further logic in the
application. How is it then integrated with the Struts action forms.
Help, I'm at a loss. They recommend using JAAS but their documentation
and examples do not explain how. We have a complex real world product
and need examples of
the same. Can somebody provide me a working real-life example which
really work and give me some pointers to proceeds that will be really
helpful.
Thanks in advance for the help.

I am trying to develop a Single sign on application using EJB's, JAAS,
ACL, struts and JSP to Log in with a form authenticate (using
j_security_check to hook into the web.xml security) then pull a user
from a database and use the roles defined there for authorization in
the rest of the system?
The examples on the web are from java clients to RMI, they also sit
alone. They dont say how to hook them into weblogic. They say to use
JAAS but they have just JAAS examples! No hooking of it into an EJB,
servlet, etc! They also dont show how to hook that code into web
server to use it as your security module!
What Settings/configuration I need to make in the web server for JAAS
to work. How the logic proceeds to authorization after form is
submitted using j_security_check. and to further logic in the
application. How is it then integrated with the Struts action forms.
Help, I'm at a loss. They recommend using JAAS but their documentation
and examples do not explain how. We have a complex real world product
and need examples of
the same. Can somebody provide me a working real-life example which
really work and give me some pointers to proceeds that will be really
helpful.
Thanks in advance for the help.

Mini SAP install problem:ACLs

Hello,
When I install,I am getting the followin message.
The message is:"File system of SAP drive 'C:' doen not support ACLs(Access Control Lists).
How to solve the above problem?
please help me.
With Regards,
Jaheer,Yanbu.

from the command prompt run the following code
convert C: /fs:ntfs /v
this will convert C drive to NTFS format.
more on this check out this link.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/convert.mspx?mfr=true
Regards
Raja

ACL documentation?

Similar Messages

Maybe you are looking for