Show TOC

Assigning Users to Remote RolesLocate this document in the navigation structure

Use

Content usage mode: remote role assignment

Applies to: consumers

Note

The functionality described in this topic does not apply to an SAP NetWeaver Composition Environment system without usage type EP Core - Application Portal (EPC).

This topic describes how a user administrator on an SAP NetWeaver consumer portal can assign local users or groups to remote roles (or remote roles to local users and groups) that exist on an SAP NetWeaver producer portal.

Prerequisites

  • You have created an FPN connection that pairs your system (the consumer portal) with a remote system (the producer portal).

  • Your system (the consumer portal) is registered with the producer portal.

  • You have successfully tested the remote role assignment readiness of the FPN connection. For more information, see Testing Remote Role Assignment Integrity .

  • The same user base exists on both producer and consumer portals.

  • The user administrator on the consumer portal has been assigned role assigner permission to the remote role by the system administrator or content administrator on the producer portal. For more information, see Exposing Roles on the Producer for 'Remote Role Assignment' Usage .

  • You have access to the Identity Management tool on the consumer portal. It is available by default in the standard User Admin or Delegated User Admin roles in the portal.

    Note

    You can also work with the Identity Management tool as a standalone console or in the SAP NetWeaver Administrator, as long as the remote producer portal is running. For more information, see Identity Management .

  • You have been assigned at least administrator read permission to the FPN connection that represents the remote producer portal where the remote roles are located. For more information, see Assigning Administrator Permissions to FPN Connections .

Procedure

To perform remote role assignment, you use the Identity Management tool. Using the tool, you can do either of the following:

  • First select a remote role and then assign local users or groups to it. See Assigning Users/Groups by Role below.

  • First select a local user or group and then assign a remote role to it. See Assigning Roles by User/Group below.

Assigning Users/Groups by Role

  1. On the consumer portal, navigate to Start of the navigation path User Administration Next navigation step Identity Management End of the navigation path.

  2. In the Search pane, do the following to locate the remote role to which you want to assign any local users or groups.

    1. In the first Search Criteria dropdown list, select Role .

    2. In the next dropdown list, select the data source:

      • To search on all remote producers that your portal is registered with, select Remote Data Sources .

      • To search on a specific producer that your portal is registered with, select it. Note that each producer portal is listed by its producer alias.

    3. In the empty field, enter the name of the remote role. You can use wildcard characters in your search string.

    4. Choose Go .

      The results of the search are displayed on the screen.

  3. From the result list, select the role to display its details.

  4. In the Details of Role pane, choose Modify .

  5. In the Assigned Users or Assigned Groups tab, search for the local users or groups that you want to assign to the remote role.

  6. Assign the appropriate users and groups to the role.

  7. Save your changes.

Assigning Roles by User/Group

  1. On the consumer portal, navigate to Start of the navigation path User Administration Next navigation step Identity Management End of the navigation path.

  2. In the Search pane, do the following to locate the local user or group to which you want to assign a remote role.

    1. In the first Search Criteria dropdown list, select User or Group .

    2. If you selected Group , then in the next dropdown list, select the data source. Note that the All Data Sources option for groups refers only to local data sources.

    3. In the empty field, enter the name or ID of the local user or role. You can use wildcard characters in your search string.

    4. Choose Go .

      The results of the search are displayed on the screen.

  3. From the result list, select the user or group to display its details.

  4. In the Details of User or Details of Group pane, choose Modify .

  5. In the Assigned Roles tab, do the following in the Available Roles pane to locate the remote role to which you want to assign the local user or group.

    1. In the first Search Criteria dropdown list, select Role .

    2. In the next dropdown list, select the data source:

      • To search on all remote producers that your portal is registered with, select Remote Data Sources .

      • To search on a specific producer that your portal is registered with, select it. Note that each producer portal is listed by its producer alias.

    3. In the empty field, enter the name of the remote role. You can use wildcard characters in your search string.

    4. Choose Go .

      The results of the search are displayed on the screen.

  6. From the result list, select the remote role to display its details.

  7. Choose Add . The selected remote role is assigned to the local user or group.

  8. Save your changes.

Result

You have assigned local users to a remote role residing on another SAP NetWeaver producer portal. Users assigned to that role will receive content that is rendered at runtime by the remote producer portal.

Caution

If the remote content accesses a producer-side back-end system that requires authentication, you need to set up trust between the remote back-end system and your portal. For more information about setting up trust between SAP NetWeaver Portal and an SAP system, see Accepting Logon Tickets Issued by the AS Java .

For more information about identity management, see Identity Management .