How can I stop authenticated users from getting other user's information?

We recently discovered that it is possible for authenticated users, via KMu2019s details view, to view details about the other users that have access to the same resource as you.  Our portal (7.0 sp15) is used for an external facing web site.  We have secured it against anonymous users but the problem still remains for authenticated users.  Here is an example:
The KM folder documents\Public Documents has been assigned read permissions for the group Everyone.  An authenticated user can open the URL https://<host>/irj/go/km/navigation/documents/Public%20Documents and a list of folders are shown.  The user can then select the Details from the menu for one of the folders and the Details iview is displayed.  They then select the menu item Settings > Permissions and the users/groups/roles assigned to this folder are shown.  The user can then select a user and view that users name and email address or the user could select a group and view for each member of the group the user id, name, and email address which could then be used to help attack the site.
So I thought it would be easy enough to disable the details view for all users but content managers or administrators but I seem to running into difficulty. 
I tried disabling the Details KM command with limited success.  Even with it disabled, if you know the URL for the details component you can still access it.  So it seems the better option is to take away access to the details component.  It seems that the users are getting access to the Details iView from the standard eu_role.  If I remove the iView from this role then all user have no access to the Details in KM.  I tried to add the iView to another role that content managers would have but when logged in with a user that had that other role I still was not able to access the Details iView. 
This SAP Help document [http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm |http://help.sap.com/saphelp_nw70/helpdata/en/47/f0f7415e639c39e10000000a155106/frameset.htm ]discusses the eu_role(Standard User role) and it states that
By default, the Everyone group is assigned to the Standard User role. If you choose to use the other every user roles instead, you need to remove these assignments from the Standard User role and apply them to the Every User Core and Control Center User roles.
  But, when I look at what groups the role is assigned to or what roles are assigned to the Everyone group they donu2019t appear to be linked contrary to what the documentation says.  So, what Iu2019m thinking here is that I can create a copy of this role and remove the Details iView from the original and then assign the copy to the content managers and administrators.  Doing this causes all users to lose access, even the content managers.
I thought Iu2019d give the Security Zones a try to see if this could help me but when I take away rights from here it still allows access.
Iu2019m stumped.  Iu2019m sure there is some key piece that eludes me.  What can I do to allow users read only access to some KM folders and files while preventing them from viewing the permission/user details?

The only 3d party apps are Hazel...
And that's your problem!
From the Hazel site's description:
Hazel watches whatever folders you tell it to, automatically organizing your files according to the rules you create.
Hazel, is a prefPane so you must have some rule (or it supplied the rule as a default) to put pictures (jpg's) from your Desktop (folder) into your Pictures folder.
Open your System Preferences and Hazel in there and either turn off Hazel or change or delete the appropriate rule covering this situation.

Similar Messages

  • How can i stop my macbook from getting my kids texts from their phones attached to my itunes?

    how can i stop my macbook from getting my kids texts from their phones attached to my itunes?

    APPLE ID for each device family member itunes
    http://www.apple.com/support/appleid/basics/

  • All my contact are being copied to my friend's iphone and i also am getting his contacts on my phone,when i delete a contact it also deletes it from his phone,we are sharing the same apple ID. How can i stop our contacts from being shared between us

    All my contact are being copied to my friend's iphone and i also am getting his contacts on my phone,when i delete a contact it also deletes it from his phone,we are sharing the same apple ID. How can i stop our contacts from being shared between us

    Everything that you have checked in your icloud settings will be shared between devices using the same Apple ID.  If you don't want icloud to share that information, then simply turn off that process under settings > icloud

  • How can I stop a JFrame from closing when clicking the close button.

    I need to display a dialog when a user attempts to close my app, giving them the option to close, minimize or cancel. How can I stop the form from closing after the user makes his selection? I have the folllowing code, but my form still closes after selecting an option:
    private void formWindowClosing(java.awt.event.WindowEvent evt) {                                  
            //An array of Strings to be used a buttons in a JOptionDialog
            String[] options = {"Close", "Minimize", "Cancel"};
            //Determines what the user wants to do
            int result = JOptionPane.showOptionDialog(null, "What to you want to do?  Close the application, minimize or cancel?", "Please select an option...", 0, JOptionPane.QUESTION_MESSAGE, null, options, options[0]);
           //Determines what to do, depending on the user's choice
            if (result == 0) {
                //Close the application
                System.exit(0);
            } else if (result == 1) {
                //Minimize the application
                this.setState(Frame.ICONIFIED);
        }Any help would be much appreciated!

    import java.awt.event.*;
    import javax.swing.*;
    public class test extends JFrame {
         public static void main( String[] args ) {
              new test();
         public test() {
              setSize( 200, 200 );
              //the next line makes the JFrame not close
              setDefaultCloseOperation( JFrame.DO_NOTHING_ON_CLOSE );
              //now add a listener that does the trick
              addWindowListener( new WindowAdapter() {
                        public void windowClosing( WindowEvent e ) {
                             //ask the user and do whatever you wish
              setVisible( true );
    }

  • How can i stop my phone from vibrating in my ear when i am on the call?

    How can i stop my phone from vibrating in my ear when i am on the call? I usually keeps my phone on vibration mode so i get notified when there is a new mail or message? However, when i am on the call, then also, it vibrates in my ear everytime a mail comes. Very irritating. I use my business phone and mails keep coming every 2-5 mins.
    Please help.

    very impractical . specially when you call A LOT and receive notifications constantly!

  • Hi...I have this problem, everytime I want to print something out the mac asks me for the computer password...that is really becoming annoying after. That happened since I upgraded to mountain lion. How can I stop the computer from asking me that?

    Hi...I have this problem, everytime I want to print something out the mac asks me for the computer password...that is really becoming annoying after. That happened since I upgraded to mountain lion. How can I stop the computer from asking me that?

    If you are printing via a Windows shared printer and it is the Windows user account that you are being prompted for then you can save this in the Keychain, as shown below.

  • How can I stop certain applications from opening automatically on restart

    How can I stop certain applications from opening automatically on restart?  I don't know when or why this began to happen but it's driving me nuts!  Thanks in adavance for any help.

    Go to System Preferences -> Users and Groups -> Login Items and remove all apps from the list:

  • How can I stop my nano from syncing every time I do something?  Sometimes it takes overnight to complete the sync.

    How can I stop my nano from syncing every time I do something?  Sometimes it takes overnight to complete the sync.

    Check your sync settings on the Music and other tabs. Personally I untick the box that says "Open iTunes when this iPod is connected" and under Edit > Preferences > Devices I tick the box that says "Prevent iPods, iPhones, and iPads from syncing automatically". This means that I get to choose and, if necessary, edit the content selections and then start the sync only when I'm ready.
    tt2

  • How can I stop my daughter from turning location services off from find iPhone?

    how can I stop my daughter from turning location services off from find iPhone?

    Settings > General > Restrictions
    Turn them on, go down and tap Location Services and restrict the ability to turn it off.
    Or tell her if she turns it off again you will take the phone away and get her simple flip phone.

  • How can I stop my iPhone from synching my contacts and groups lists twice?

    How can I stop my iPhone from synching my contacts and groups lists twice....I am using iCloud but am not sure how correct this duplication.

    Go into Settings>Mail, Contacts, Calendars. Is this happening at the bottom in the signature section, or in the header of the mail where your email address is? If it is the signature, then go to the Signature area of the Mail settings. If this is in the header, then go to the account in question and edit your account information to include your name instead of Johnny.

  • When I record an audio track, there is a waveform. When I stop recording, the waveform disappears and becomes a straight line. It also disappears from the track edit window. But the sound is there. How can I stop the waveform from disappearing?

    When I record an audio track using Logic Pro X, there is a visible waveform which appears as I record. When I stop recording, the waveform disappears and becomes a straight line. It also disappears from the track edit window. But the sound is still there. How can I stop the waveform from disappearing? And can I do something to view it after it has disappeared? Anyone know the anser?

    In Logic:
    Preferences/Audio Set Recording Delay to 0 <zero>
    This should always be set to zero unless a specific set of circumstances exist and you're audio drivers do not report position correctly.
    On occasion, usually when importing a Logic 9 project, Logic-X randomly changes this to a negative/positive number.  It's actually a bug in Logic, as it should always display the waveform.

  • How can i stop internet media from flooding elements 6?

    how can I stop elements 6 from constantly importing internet photos and flooding my memory?

    PSE isn't importing photos off the internet, but it could be importing photos from your hard drive that are being placed there as you browse the internet.
    It's likely that you've told PSE to import all new photos on your hard drive using the Watched Folders mechanism.
    In the Organizer, go to File > Watch Folders...
    See the list of folders PSE is currently watching.
    Check the setting near the bottom of the dialog as to what PSE should do when it finds new images in the folders it is watching.
    Make any necessary changes to have it do what you want it to do.
    Cheers
    Bob

  • Hi, how can I stop my screen from freezing up.Its acts like a scratch card, I use the mouse cursor to rub away to find the password box?

    HI,how can I stop my screen from freezing, It acts like a scratch card,I run over it with the mouse to scratch away at the grey screen to find the password box
    underneath?

    OS X: Login window partially appears, cursor movement redraws screen

  • How can i stop an email from being sent?  i cannot find an outbox in outlook

    How can I stop an email from being sent.  I cannot find an outbox in Outlook

    Outlook is a Microsoft product, I'd suggest posting on the Office for Mac Product Forums.

  • How can I stop iPhone 5s from blinking apple logo

    how can I stop iPhone 5s from blinking apple logo

    Hello tigersrock,
    Thank you for using Apple Support Communities.
    For more information, take a look at:
    iOS: Not responding or does not turn on
    http://support.apple.com/kb/ts3281
    Have a nice day,
    Mario

Maybe you are looking for

  • JRockit SDK 1.4.2_03 does not install at all on Win2k SP4

    Trying to install the JRockit SDK under Windows 2000 SP4, it successfully unpacks the archive and then dies with a pop-up box titled "javaw.exe - application error" and the error is: The instruction at "0x7c34feb4" referenced memory at "0x00000001".

  • Getting my movie clip to jump and stay on stage

    For an assignment and just to let you know I am a newbie. My stage size is 640x 480y I have placed an image of a chicken on my stage over the background and (with help) I have moving clouds. I have gotten to move my chicken up, down, left and right u

  • Exception Messages Report / List

    I have been unable to locate an exception messages report, either for production orders, requisitions, or purchase orders. I am looking for a report that will contain all of the exception mesages. Ideally, the output would be something like: 1.   WBS

  • AIR Application Installer.exe

    On my win xp pro sp3 machine from all the Adobe stuff following software installed only: - acrobat reader - flash player - shockwave player The Secunia scan tool noticed me recently I had old version of flash player. It is not right, some days ago ju

  • Characterstic value assignment table

    Hi All Could you please let me know in which table can i find   characterstic value assignment data? Thanks in advance Nagesh.paruchuri