Viewing and Attachment List Options

8min

Viewing content is accomplished via two access points :
From your SAP transaction / record
Direct to your content repository (optional) 
From SAP
Viewing from SAP is achieved via the SAP or Gimmal Link Enterprise DocManager Attachment List (Object for Services).
Viewing options
﻿
Accessing content from these attachment lists perform the following authorization checks:
Access to your SAP transaction / record with standard SAP authorizations 
Access to the ArchiveLink with standard SAP authorizations 
Optional: Additional SAP BADI authorization checks
Optional: Additional SAP Gimmal Link BADI authorization checks
From there, Gimmal Link provides 2 options to retrieve and display the content from your CMS system for URL based viewing.
1.  User Unauthenticated Access (Authenticated by Link Enterprise App)
The method leveraged to achieve this differs based on your CMS system:
M365.
Anonymous Short lived shared URLs via web browser
Gimmal Link Content Server via a non-dialogue system user (thin and thick client options) aka: standard SAP viewing
S3.
1. Gimmal Link Archive Link Content Server URL
﻿
2.  User Authenticated Access via SharePoint
Whilst still leveraging SAP standard ArchiveLink and DMS links, Gimmal Link Enterprise can compile a viewing URL directing the user to log into the SharePoint system view their web browser.
This option leverages any security capabilities and options based on your CMS system.  These are in addition to the check outlined in "From SAP".
Refer to the section "CMS Security based on SAP Security / Data" below for possible additional security checks based on SAP values. 
Please refer to your CMS Systems' security documentation for further options. 
Comparing Viewing Options
Viewing Option
All Repositories
Pros
Cons
Additional Tasks
User Unauthenticated Content Server ArchiveLink
no additional SharePoint config needed
no additional SharePoint User setup
not all mime types supported 
replies on local workstation web browser or SAP viewer and workstation apps to handle viewing
no SharePoint authentication
caches a local copy on user's workstation
binary sent across wire
actually performs a search on SAPDocID as metadata to find document, thus performance may be affected at high volumes
none
SharePoint
﻿
﻿
﻿
User Unauthenticated Anonymous SharePoint URL
supports all M365 Online supported mime types
no binary sent across wire
no local workstation browser or application requirements
no local workstation caching
no Search necessary, thus no performance considerations (direct Read)
less SharePoint maintenance - bypasses User level access to site/subsite/library authorizations (Link Enterprise App/User is used)
When viewing from SAP, user does NOT have to log on to M365/SharePoint
requires SharePoint anonymous viewing enabled at tenant level or site collection level (i.e.: these are short-lived URL's that in theory can be copy/pasted and shared to other users before expiration (default 1 minute)
refer to the below: https://learn.microsoft.com/en-us/microsoft-365/solutions/best-practices-anonymous-sharing?view=o365-worldwide﻿
SharePoint tenant level config
User Authenticated SharePoint URL
more authentication and security
more SharePoint maintenance - Users must have access to that site/subsite/library
When viewing from SAP, the user will need to log on to M365/SharePoint if/when their active M365/SharePoint session expires or is logged out (frequency is based on customer setup)
does NOT require SharePoint anonymous viewing enabled at tenant / site collection level
SharePoint User/Group maintenance required
SAP SFO/GOS Attachment List Options
You can leverage the standard SAP Attachment List or (highly recommended) the Gimmal Link Enterprise DocManager Attachment List.
Refer to the section "Attachment List Options" under the DocManager section for advantages in using the Gimmal Link Enterprise DocManager Attachment List plus additional SFO/GOS configuration options with Gimmal Link Enterprise.
Direct to your CMS System
Allowing access to content directly via your CMS system relies solely on that systems' security model and capabilities.  
Refer to the section "CMS Security based on SAP Security / Data" below for possible additional security checks based on SAP values. 
Please refer to your CMS Systems' security documentation for further options. 
CMS Security based on SAP Security / Data 
Gimmal Link Enterprise does not replicate the SAP security model to your CMS system.  If, however, your CMS system can leverage SAP data in the form of metadata or CVL's (choice lists), you can leverage Gimmal Link Enterprise SAP to inform your CMS system with those values (i.e.: metadata transfer).

Viewing Option All Repositories	Pros	Cons	Additional Tasks
User Unauthenticated Content Server ArchiveLink	no additional SharePoint config needed no additional SharePoint User setup	not all mime types supported replies on local workstation web browser or SAP viewer and workstation apps to handle viewing no SharePoint authentication caches a local copy on user's workstation binary sent across wire actually performs a search on SAPDocID as metadata to find document, thus performance may be affected at high volumes	none

SharePoint
User Unauthenticated Anonymous SharePoint URL	supports all M365 Online supported mime types no binary sent across wire no local workstation browser or application requirements no local workstation caching no Search necessary, thus no performance considerations (direct Read) less SharePoint maintenance - bypasses User level access to site/subsite/library authorizations (Link Enterprise App/User is used) When viewing from SAP, user does NOT have to log on to M365/SharePoint	requires SharePoint anonymous viewing enabled at tenant level or site collection level (i.e.: these are short-lived URL's that in theory can be copy/pasted and shared to other users before expiration (default 1 minute) refer to the below: https://learn.microsoft.com/en-us/microsoft-365/solutions/best-practices-anonymous-sharing?view=o365-worldwide	SharePoint tenant level config
User Authenticated SharePoint URL	more authentication and security	more SharePoint maintenance - Users must have access to that site/subsite/library When viewing from SAP, the user will need to log on to M365/SharePoint if/when their active M365/SharePoint session expires or is logged out (frequency is based on customer setup) does NOT require SharePoint anonymous viewing enabled at tenant / site collection level	SharePoint User/Group maintenance required

Configuration Overview

DocManager