Administrator

Mapping Logical Roles to Physical Roles

Administrators can map SAP Mobile Platform logical roles to physical roles that are defined in your identity management back-end systems. They can also edit existing role mappings. A set of role mappings exists for each security profile.

Prerequisites

In Management Cockpit, select Start of the navigation path Settings Next navigation step Security Profile End of the navigation path.

Context

SAP Mobile Platform logical roles map to physical roles that are defined in the back-end system; two exceptions are:
  • Impersonator – maps only to the certificate that the reverse proxy uses to authenticate.

  • Notification User – can map to both physical roles and to the certificate of a user who has been authenticated by an X.509 User Certificate provider.

Procedure

  1. Identify a security profile, and select Start of the navigation path  Next navigation step Role Mapping End of the navigation path.
  2. For a logical role, select Start of the navigation path  Next navigation step Edit End of the navigation path.
  3. To map one or more of the Available Physical Roles to the logical role, select each role.
  4. To add a new physical role and map it to the logical role:
    1. Click the Create icon , and enter a name for the new role.
    2. Under Mapped Role, select the new role.
  5. To map either the Impersonator role or the Notification User role to a certificate:
    1. Click the Create icon, click Browse, and select the certificate file.
    2. Click Open, and then click Save.
    3. Under Mapped Role, select the certificate.
  6. Save your changes.

Results

If your server is running in a cluster, changes are synchronized across the cluster.