As an administrator in WebSphere Portal 8.0, I can access and modify theme-related files with a WebDAV client connected to http://servername:10040/wps/mycontenthandler/dav/fs-type1.
I now want to give another user write access to the same files, but this user shouldn't be a Portal administrator.
IBM documentation states (on a page called Using WebDAV file store):
"To give users write access to resources contained in these folders, assign the users MANAGER role on the virtual resource THEME MANAGEMENT in portal access control. Managers can create, modify, or delete such resources."
I have done this successfully in the past with Portal 7.0, but it doesn't work in Portal 8.0.
When the user tries to modify a file through Portal 8.0 WebDAV, the operation fails and the server's SystemOut.log file contains this message:
com.ibm.wps.logging.ExceptionLogger logThrowable(th) An exception occurred: [null].
Enable traces for [com.ibm.wps.logging.ExceptionLogger=all] to see the exception stack trace.If I enable the suggested trace and the user tries again, the server's trace.log file contains a stack trace like the following (though I've removed many lines to make it shorter):
com.ibm.wps.logging.ExceptionLogger logThrowable(th) Exception
com.ibm.wps.resolver.servlet.exceptions.ModelIOException
at com.ibm.wps.resolver.webdav.tree.WebdavTreeModelUpdateDataSink.read(WebdavTreeModelUpdateDataSink.java:182)
at com.ibm.wps.resolver.servlet.ContentHandlerUpload.handleDownloadAndDispose(ContentHandlerUpload.java:817)
at com.ibm.wps.resolver.servlet.ContentHandlerUpload.handleUpload(ContentHandlerUpload.java:1020)
at com.ibm.wps.resolver.servlet.ContentHandlerUpload.doFilter(ContentHandlerUpload.java:378)
...
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1700)
Caused by: com.ibm.wps.resolver.webdav.admin.exception.WebdavCannotCommitException
at com.ibm.wps.filestore.JCRWebdavTreeModelController.commit(JCRWebdavTreeModelController.java:354)
at com.ibm.wps.resolver.webdav.tree.AbstractWebdavTreeModelCreateUpdateDataSink.updateItem(AbstractWebdavTreeModelCreateUpdateDataSink.java:1028)
at com.ibm.wps.resolver.webdav.tree.AbstractWebdavTreeModelCreateUpdateDataSink.updateItem(AbstractWebdavTreeModelCreateUpdateDataSink.java:955)
at com.ibm.wps.resolver.webdav.tree.WebdavTreeModelUpdateDataSink.read(WebdavTreeModelUpdateDataSink.java:157)
... 80 more
Caused by: javax.jcr.access.AccessDeniedException: ACC3501E: The requested operation violates one or more access constraints on path:
/filestore/fs-type1/themes/ISWPortal8.0/ISWExt/css/isw-style-ie6.css/jcr:content/icm:lastModified or descendant.
at com.ibm.icm.jcr.PropertyImpl.checkSetValueAllowed(PropertyImpl.java:444)
at com.ibm.icm.jcr.PropertyImpl.setValue(PropertyImpl.java:310)
at com.ibm.icm.jcr.NodeImpl.setProperty(NodeImpl.java:3990)
at com.ibm.icm.jcr.NodeImpl.updateSaveProperties(NodeImpl.java:3176)
at com.ibm.icm.jcr.NodeImpl.save(NodeImpl.java:2825)
...
at com.ibm.icm.jcr.WorkspaceImpl.save(WorkspaceImpl.java:2776)
at com.ibm.icm.jcr.WorkspaceImpl.save(WorkspaceImpl.java:2765)
at com.ibm.wps.filestore.JCRWebdavTreeModelController.commit(JCRWebdavTreeModelController.java:348)
... 83 more
How do I allow non-administrator users to modify these files?
Best Answer
Depending on your usage there are two items to look at.
General the access is limited to administrator groups which is documented here at Portal IC. It is possible to open up certain areas for end user specific usage, but I guess this is not what you are looking for.
Based on the trace you want to have the user be able to modify the WebDav for Themes. This is controlled different by a Virtual Resource of WebSphere Portal. You need to grant access to the Virtual Resource Markups for the group of users you want to enable write access to the themes folder