Configuring SAP KM User Rights

To allow users to only search documents that they are permitted to view, you will need to pass the SAP KM groups they belong to the query service as the rights CGI parameter. See ACLs for more information about rights.

Because SAP KM does not provide a directory service, you will need to provide that information in a separate Watson™ Explorer Engine search collection by crawling and indexing the user/group objects associated with your SAP KM installation.

After creating a collection using the SAP KM Users seed, you can configure the following options in that seed:

  • Host - The SAP Portal server host.
  • Port (optional) - The SAP Portal server port.
  • Protocol (optional) - The SAP Portal server protocol.
  • SAP Username - The SAP Portal username to authenticate with.
  • SAP Password - The SAP Portal password to authenticate with.
  • Reference Group (optional) - The reference group that all the users belong to. The default value is GRUP.SUPER_GROUPS_DATASOURCE.EVERYONE.
  • Heap size (optional) - The amount of bytes to set the Java heap to. If not higher than the default (160 MB), the default will be used. Examples:
    • 262144000 (for 250 MB)
    • 524288000 (for 500 MB)
    • 1073741824 (for 1 GB)

You will also need to add the form component named SAP KM Rights to the form of the source associated with your SAP KM collection. You will need to specify the following parameters in this form component:

  • SAP KM Users Collection - Name of the search collection in which the SAP KM groups/users are indexed.
  • User OS Name (optional) - The username passed to the collection to retrieve the associated permission groups. This is usually the username part of the OS login. If not specified, the username part of $user.name will be used.
  • User OS Domain (optional) - The domain passed to the collection to retrieve the associated permission groups. This is usually the domain part of the OS login. If not specified, the domain part of $user.name will be used.
  • Query Service URL (optional) - URL of the query service serving the SAP KM Users collection (for example http://mydomain.com/search:7205). If not specified, the local query service is used.

To make sure that nobody can access the query service for your SAP KM crawl without proper credentials, use the Configuration > Searching tab for your documents collection to set the Require rights option to true.