Assignment of Users and Groups to Roles (SAP Library

Assignment of Users and Groups to Roles

Use

The Enterprise Portal generates an individual user interface for each user according to the roles assigned to him or her. What the user sees in the top-level navigation and in the portal pages all comes from his or her roles. Therefore it is very important to assign users and groups to roles that reflect their function in the company.

Every portal user in the corporate LDAP directory is assigned a default role, the portal user role, so that he or she sees something in the portal the first time he or she logs on, even if the administrator has not assigned any roles to that user yet.

The Enterprise Portal provides an easy-to-use tool to assign roles to users and groups, or inversely, to assign users or groups to roles. These are described in the following sections:

· Assigning Roles to Users and Groups

· Assigning Users and Groups to Roles

Prerequisites

· Make sure that the attribute displayname is maintained as an attribute of your user object in the corporate LDAP directory. The role assignment tool searches for users according to the attributes displayname and uid/sAMAccountName (unique user ID). If the attribute displayname does not have a value, part of the search is redundant as it searches for an attribute that does not exist or does not have a value.

If displayname is not maintained, you must define a valid attribute mapping for it. For example, you can map displayname to the physical attribute cn (an attribute used by the schema of your corporate LDAP directory) by changing the following lines in the file repository_configuration_ldap.xml:

    <attribute>
        <logicalattributename>displayname</logicalattributename>
        <physicalattributename>cn</physicalattributename>
    </attribute>

For more information on mapping attributes, see Mapping Attributes.

· You have configured where the central user data is stored in the user management configuration tool. See Defining Location of Central User Data Repository.

· You have configured where the user/group ® role assignments are stored in the user management configuration tool. See Defining Location of User-to-Role Assignments.