Page tree
Skip to end of metadata
Go to start of metadata

Wiki Purpose

Describes how HTTP methods can lead to some errors in Disclosure Management ..


The Disclosure Management application provides a number of RESTFUL APIs that are used by for example the Fiori apps that DM uses.

For example, when adding a Business Role to a user in the Fiori app “Business Role Assignment”, there is a call to the API http://<DM_server:port>/api/appmanager/businessrole/6/users 

Also, within the main DM application, the APIs are called, for example when deleting a (local) permission, a call is made to http://<DM_server:port>/api/chapter/<id>/permission using the "DELETE" verb

This Wiki describes some issues that may arise with certain configurations in IIS and how to remedy these.

Note: for this Wiki we used IIS 7.5 with DM 10.1 Stack1200

Request Filtering

As the APIs use a number of HTTP request methods (e.g. PUT, POST, DELETE) there can be an issue if within IIS these verbs are explicitly denied within the request filter

For example

Will result in a HTTP 404 (not found) error

Therefore, make sure there are no filters defined


Although Disclosure Management does not use WebDav (, it can be active in IIS and then intercept the methods like PUT and POST which results in a number of errors.

In IIS, WebDav can be active on the DM website

In this case, it is possible that a Handler Mapping is defined for WebDav. Note: this can apply to all verbs ( * ) or specific ones (GET, POST)

Within the DM Fiori apps this may lead to a HTTP 401 Unauthorized error

To resolve this, delete the WebDav handler mapping from the DM website

Even when the WebDav handler is removed, but WebDav itself is still present, you can get an error. This will now be a HTTP 405 Method not allowed

To resolve this, it is recommended to remove WebDav completely from the DM website

To do this, go to the Modules

Delete the WebDav module

Functional Rights

Be aware that a user's profile can also lead to certain HTTP errors, which may be confusing in this context.
For example, if a user does not have the permission "define user" in its role (this is defined in Security)
When accessing the Fiori app "Business Role Assignment", you will also see a HTTP 401 error, but this is not related to any IIS setting.

Related Content

  • No labels