Professional Documents
Culture Documents
…secure… Authentication
Single Sign On
Portal
Roles
I. Contents of Roles
ABAP Roles Portal Roles
The content of a role always refer to The content of portal roles do not depend
a single SAP application. on SAP applications, but may include them.
They contain different kinds of information
(heterogeneous content types).
The role content depends on the The role content depends on the company
user’s tasks in the SAP system. structure and the core processes of the
company. They are complete job
descriptions, not limited to objects of SAP
Systems.
There are single and composite roles. Roles are not divided into different role
Composite roles are optional. types. The portal introduces the concept
of "worksets“.
All actions connected with roles are Role administration by different web-
performed in transaction PFCG: role based tools in the Portal administration
creation and maintenance, role/user environment.
assignments and authorization
generations.
V. Authorizations
ABAP Roles Portal Roles
Roles (single roles) carry the A portal role is mainly a content object and
authorization information. Roles are not an authorization object. Portal roles
authorization objects. The profile cannot be used in the portal environment
generator is part of role to create authorizations for the backend
administration in Transaction PFCG. systems.
Conversion of
ABAP-roles and
their content into
portal content
objects Roles in
ABAP- Portal Transfer of portal
based Roles roles to the ABAP-
Systems based system in
order to maintain
the missing
authorizations
Authorization
Upload Generation
The SAP Enterprise Portal can be used as the leading system for:
Role creation
Role maintenance
Role/user assignment
Role
Enterprise Definition
Portal
Authorizations
SAP Enterprise CM Others
Systems Apps Systems
Both SAP Enterprise Portal and the backend system have tools and functions
that permit you to link the portal role with the ABAP authorization concept and
to link the authorization profile in the backend system with the portal role concept.
© SAP AG 2004, SAP TechEd / PRTL152 / 19
Portal Content and Authorizations in the Backend System
Portal
Content objects from ABAP- based
systems can be converted to Portal
content objects.
From now on object creation and
maintenance is done in the Portal!
Backend System
Single and
composite roles are
converted as either
When objects are uploaded again, Portal roles or
you can define whether or not worksets with the
existing objects should be corresponding menu
overwritten. hierarchy.
The role/user assignment of a role can also uploaded to the portal. You
therefore do not have to make this assignment again in the portal. An
uploaded role is automatically assigned to a portal user. Prerequisite:
backend user must have a corresponding user in the Portal.
iView Studio:
www.iviewstudio.com
Portal ABAP-Based System 2
Download of
Business Packages Portal Content Upload and Conversion of
containing Portal Content Content Objects
Roles
Worksets
Pages
Demo and
Exercise Part I
Generated authorizations
Folder 1
System 1 Auth. Role A_1:
iView A T1, T2, T6
Transaction T1 ---> System 1
iView B Auth. Role A_2:
Transaction T2 ---> System 1 T1, T2, T6
iView C
Transaction T3 ---> System 2
Step 1: Step 2:
Transfer portal role Transfer portal user
information to a assignment to a
dedicated backend dedicated backend
system system
© SAP AG 2004, SAP TechEd / PRTL152 / 36
Roles Distribution (1)
ABAP-based
SAP System
Transaction WP3R
© SAP AG 2004, SAP TechEd / PRTL152 / 38
Transaction WP3R: Generation of Authorization Roles (3)
ABAP-based
SAP System
Transaction WP3R
Distribution of
Role Definition Role
Transport
SAP 4.6B
Productive System
(SAP CUA or
Role Definition
component system)
User Assignment
User Assignment
Distribution of
EP 6.0 Role User
Assignments
Demo and
Exercise Part II
Role Function
Super assigned to initial SAP* User
Administrator „Full Control“ access on whole Portal Content Catalog Tree
Access on all admin tools
of Content Administrator Role
of System Administrator Role
of User Administration Role
Content access on all Content Administration tools for creation of roles,
Administrator worksets, pages, iViews, layouts
access on all editors to maintain content e.g. Permission Editor,
Property Editor
access on all parts of tree hierarchy of Portal Content Catalog if the right
ACLs have been defined
System access on all tools for system administration such as system
Administrator configuration, transports, permissions, monitoring, support, portal
display
access on all parts of tree hierarchy of Portal Content Catalogs if the
right ACLs have been defined
User access on all tools for user administration to create and maintain users,
Administrator administrate the role-user assignment, user mapping administration,
user Replication, Group administration, etc.
Demo
and
Exercise Part III
Make sure that you wait for status: “Finished” to indicate the role has
been completely transported. Roles with deep navigation structure may
take additional time to transport.
Î Public Web:
www.sap.com
SAP Developer Network: http://sdn.sap.com Î Enterprise Portal
SAP HELP Portal: http://help.sap.com/nw04
Coming in December.
http://www.sdn.sap.com/
Q&A