2418507 - Unauthorized access of Super Administration Roles

Symptom

End user's without the Super Administration Role assigned or required authorization granted are able to view the portal content structure with the direct access of the Content Administration url.

Direct Url - http://<host>:<port>/irj/portal?NavigationTarget=ROLES://portal_content/administrator/super_admin/super_admin_role/com.sap.portal.content_administration/com.sap.portal.content_admin_ws

On accessing the direct link below screen opens, which doesnt have the super admin roles in the TLN, still the user can navigate through "portal_content"

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

EP Release Independent
SAP NetWeaver
SAP Composition Environment

Product

SAP NetWeaver 2004 ; SAP NetWeaver 7.0 ; SAP NetWeaver 7.1 ; SAP NetWeaver 7.2 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.0 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

Keywords

Enterprise Portal 7.0, EP 7.0, Enterprise Portal 7.01, EP 7.01, Enterprise Portal 7.02, EP 7.02, Enterprise Portal 7.03, EP 7.03, Enterprise Portal 7.1, EP 7.1, Enterprise Portal 7.2, EP 7.2, Enterprise Portal 7.30, EP 7.30, Enterprise Portal 7.31, EP 7.31, Enterprise Portal 7.40, EP 7.4, Enterprise Portal 7.50, EP 7.5, permission, super admin roles, Content Administration, User Administration, System Administration, com.sap.portal.content_admin_ws, authorization, portal_content, Everyone Group, End User , KBA , EP-PIN-NAV , Navigation , EP-PIN-PRT , Portal Runtime , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.