SAP Mobile Platform Logical Roles
SAP Mobile Platform defines a set of logical roles. To grant role-based access to SAP Mobile Platform, use Management Cockpit to map these logical roles to the physical roles that are defined in your identity management system.
Administrators interact with SAP Mobile Platform to perform high-level management. The administrator can perform all administrative operations in Management Cockpit. To enable role-based access to Management Cockpit, map the SAP Mobile Platform Administrator logical role to physical roles that exist in your security repository used for authentication and authorization.
Helpdesk operators interact with SAP Mobile Platform to review system information and determine the root cause of reported problems. Helpdesk operators have read-only access to all administration information in the Management Cockpit. They cannot modify anything in Management Cockpit, and cannot save changes made in dialogs or wizards.
The Impersonator role has a narrow and specific scope. The Impersonator role establishes the trust relationship between the reverse proxy and SAP Mobile Platform Server, allowing the server to accept and authenticate a user's public certificate presented in the SSL_CLIENT_HEADER over an SSL connection established by the reverse proxy. It also enables SAP Mobile Platform to trust SSL_CLIENT_CERT headers from network edge certificate authentication.
Notification User Role
The Notification User role also has a specific scope. It enables sending push notifications to applications. The Notification User role invokes SAP Mobile Platform capabilities to send notifications to clients. Administrators configure the Notification security profile to specify the authentication credentials required to send push notifications, and include any combination of authentication providers as needed. Administrators can configure the back end with a user X.509 certificate and connect to SAP Mobile Platform on its HTTPS listener configured to use mutual authentication (port 8082 by default). Once the Notification security profile is configured, you can map the Notification User logical role to the appropriate physical roles using Management Cockpit.
Integration Gateway Roles
|GenerationAndBuild.generationandbuildcontent||Generate and build operations|
|NodeManager.deploycontent||Deploy and undeploy content operations|