SAP Knowledge Management and Collaboration (KMC) incorrect permissions
Description
SAP Knowledge Management and Collaboration (KMC) is a content management service within SAP NetWeaver Portal that stores and manages business documents and files. By default, SAP KMC assigns overly permissive access controls (Everyone Full Control) to all folders immediately after installation. This insecure default configuration allows any user to access all repository content without proper authorization checks, creating a significant security exposure until administrators manually restrict permissions on root nodes and repository managers.
Remediation
Immediately restrict access permissions on SAP KMC repositories following installation or after configuring new repository managers:
1. Review and identify all root nodes and repository managers in your SAP NetWeaver Portal KMC configuration
2. Remove the default Everyone Full Control permission from all folders and repositories
3. Implement role-based access controls (RBAC) by assigning permissions based on the principle of least privilege
4. Grant read/write access only to specific users, groups, or roles that require access to particular repositories
5. Configure appropriate authentication requirements to prevent anonymous access
6. Regularly audit KMC permissions to ensure they remain appropriately restrictive
Refer to SAP Note 599425 for detailed guidance on configuring secure permission structures and best practices for SAP KMC access control implementation.
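As an added illustration of the audit in the last remediation step (not part of the original advisory and not an SAP tool), the script below checks a permission snapshot for the installation default described above and groups what it finds by root node, where KMC permissions are restricted first. The semicolon-separated "folder;principal;permission" format and the sample entries are constructed assumptions for this example.

```python
"""Audit a KMC ACL snapshot for the insecure default described above."""
from collections import defaultdict

# Constructed sample: "folder;principal;permission", one ACL entry per line.
# This format is an assumption for the example, not an SAP export format.
KMC_ACL = """\
/documents;Everyone;Full Control
/documents;Administrators;Full Control
/documents/hr;Everyone;Full Control
/documents/hr;HR_Group;Read/Write
/public;Anonymous Users;Read
/finance;Finance_Role;Read
"""

# Principals that stand for "any user"; they should never hold write rights.
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users"}
WRITE_LEVELS = {"Read/Write", "Full Control"}

def parse_acl(text):
    """Yield (path, principal, permission) tuples, skipping blanks and comments."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            path, principal, permission = (f.strip() for f in line.split(";"))
            yield path, principal, permission

def audit(text):
    """Return (path, principal, permission, reason) for each least-privilege violation."""
    findings = []
    for path, principal, permission in parse_acl(text):
        if principal == "Everyone" and permission == "Full Control":
            reason = "installation default (Everyone Full Control) still present"
        elif principal == "Anonymous Users":
            reason = "anonymous access granted"
        elif principal in BROAD_PRINCIPALS and permission in WRITE_LEVELS:
            reason = "broad principal holds write access"
        else:
            continue  # specific user/group/role: consistent with RBAC
        findings.append((path, principal, permission, reason))
    return findings

def affected_root_nodes(findings):
    """Group findings by root node, where KMC permissions are restricted first."""
    roots = defaultdict(list)
    for path, *rest in findings:
        roots["/" + path.strip("/").split("/")[0]].append((path, *rest))
    return dict(roots)

if __name__ == "__main__":
    for root, items in sorted(affected_root_nodes(audit(KMC_ACL)).items()):
        print(root, *items, sep="\n  ")
```

Entries granted to a named group or role pass, so a clean report after remediation means only specific principals remain on the repositories.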