Entering content frame

Background documentation Implementing a Multitenant Portal Locate the document in its SAP Library structure

Implementing a multitenant portal is a scenario-variant whereby several independent customers (tenants) can run and coexist on the same single SAP NetWeaver Portal installation base, which is hosted by a dedicated service provider. Each customer's portal is customized and branded with their corporate identity, and its users and data are securely compartmentalized so that it is available only to the users of each tenant and the global administrators of the multitenant portal.

Security Related Tasks in a Multitenant Portal

First, you need to consider the security aspects for running a standard portal. All information about securing SAP NetWeaver Portal is available in the Structure linkPortal Security Guide.

As a result of the inherent risks of hosting multiple customers on a single multitenant portal, you then need to consider the following security issues:

·        Since all tenants access the same single portal infrastructure, any log and trace files generated can contain information about applications, users, and other portal objects of various tenants.

For this reason, we recommend not to deliver such files to a specific tenant, as some applications save sensitive information in log files, such as the name of servers used by tenants, and user IDs and passwords.

For information about the contents of these files, see Structure linkLogging and Tracing.

If you must provide a trace or log file to a specific tenant, carefully check it and then remove the details about other tenants.

·        The multitenant portal scenario supports delegating user and content administration tasks to tenant administrators (see Structure linkDelegated Administration). For example, each tenant has a tenant-specific delegated content administrator who manages the content of that tenant.

You cannot assign tenant administrators to a delegated system administration role, since the role contains tools that allow one to directly and indirectly access and manipulate data across multiple tenants.

Delegating administration tasks to employees of the service provider, and not to employees of the tenant customers, ensures that under no circumstance is the information intended for a specific tenant exposed to an employee of another tenant.

·        The portal provides tools for assigning, changing, and designating security zones.

All operations relating to security zones in the multitenant portal must be performed by the super administrator rather than the delegated system administrator.

For more information, see Structure linkSecurity Zones.

·        A set of default permissions for initial portal content is available on deploying the portal. The default permissions enable other delegated administration roles in addition to that of the super administrator.

In all cases, the super administrator of the multitenant portal environment must make sure that no delegated administrator can change permissions for any portal object that has not been assigned to their tenant. For more information, see Structure linkPortal Permissions.

On the other hand, the super administrator can enable a tenant administrator (delegated administrator) to change permissions for objects within the specific tenant’s folder.

·        Portal applications are delivered as Portal Archive (PAR) files, which are uploaded and deployed in the portal. PAR files contain the Java classes and resources that are required to run the application.

They can also contain code intended for hacking into other tenants. For this reason, we recommend that uploading and deploying of par files to the portal must be the task for only the super administrator of the portal. For more information, see Structure linkManaging PAR and JAR Files in the Project.

See Also

Structure linkSecuring the Multitenant Portal Environment

 

Leaving content frame