
Creating Tenant User Administrators

Use

When you create a tenant in the portal, a user administrator role is automatically generated for the tenant in the tenant's Role folder in the Portal Catalog (Portal Content/Tenants/<Tenant Name>/Roles).

If you want to create an additional tenant user admin role, follow the instructions described in this topic.

 

Prerequisites

The steps described below require the services of both a global user administrator or a global content administrator.

 

Procedure


       1.      If needed, create a tenant user as follows:

                            a.      In the portal, navigate to User Administration → Users → Create User.

                            b.      In User ID, enter the tenant name followed by a backslash (\) followed by the ID of the new user.

For example: TenantA\useradmin

                            c.      Fill in the other fields as required.

                            d.      Save your entry.

       2.      Create a copy of or a delta link to the standard User Admin or Delegated User Admin role for the required tenant. We recommend you create a delta link.

You can create a delta link as follows:

                            a.      In the portal, open the Portal Content Studio (Content Administration → Portal Content).

                            b.      In the Portal Catalog, navigate to the folder:

Content Provided by SAP/Admin Content/User Administrators

                            c.      Right-click on the User Admin or Delegated User Admin role and choose Copy.

                            d.      Right-click the folder in which you want to create the tenant-specific role and choose Paste as Delta Link. We recommend you create the new role in the tenant's Role folder (Portal Content/Tenants/<Tenant Name>/Roles).

                            e.      A delta link to the role is created in the folder you selected.

                              f.      Right-click on the new role and choose Change ID.

                            g.      Navigate through the wizard, and enter the tenant name in the New Object ID Prefix field.

Make sure to enter the tenant name for portal roles in lower-case characters. For example, enter tenanta.

                            h.      Save your changes.

       3.      If you created a delta link to the Delegated User Admin role (not the User Admin role), you need to perform the following steps, since the standard delegated user administration role does not provide authorizations to perform any actions involving groups or roles.

                            a.      To allow your tenant Delegated User Admin users to manage groups as well, adjust the new delegated user admin role to include the UME.Manage_Groups action and the iView for group administration.

                            b.      To allow them to manage roles, adjust the tenant Delegated User Admin role to include the UME.Manage_Roles action.

Caution

Be aware that the latter action allows tenant administrators to assign all roles in their tenant. This can allow the tenant administrator to assign himself additional authorizations.

       4.      Assign the delegated user administration role to the tenant user as described in Assigning Roles to Users and Groups.

For example, assign the tenant user TenantA\useradmin to the tenant role tenanta.user_admin_role.

       5.      Assign necessary portal permissions to the new role. As a guideline, refer to the section "Permissions" in Initial Folders, Content, and Permissions for Tenants (notice where the portal assigns default permissions to a newly created User Admin role).

 


Result

You have created a tenant user administrator. Users assigned to this role can now log on to the portal as a tenant user administrator (see Logging on as a Tenant User).
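
The following Python sketch is an added example, not SAP code. It audits a list of tenant role assignments against the conventions in this procedure: the Tenant\user ID format, the lower-case tenant prefix on role IDs, and the UME.Manage_Roles action from the Caution. The inventory format, the sample entries, and the role name tenanta.delegated_user_admin are constructed for illustration, and the script assumes the role ID prefix ends at the first dot, as in tenanta.user_admin_role.

```python
MANAGE_ROLES = "UME.Manage_Roles"  # action named in the Caution above

# Constructed sample inventory (hypothetical format, not an SAP export).
SAMPLE = [
    {"user": "TenantA\\useradmin", "role": "tenanta.user_admin_role",
     "actions": []},
    {"user": "TenantA\\deladmin", "role": "tenanta.delegated_user_admin",
     "actions": ["UME.Manage_Groups", "UME.Manage_Roles"]},
    {"user": "TenantB\\useradmin", "role": "tenanta.user_admin_role",
     "actions": []},
    {"user": "TenantB\\helpdesk", "role": "TenantB.user_admin_role",
     "actions": []},
    {"user": "jsmith", "role": "tenanta.user_admin_role", "actions": []},
]


def split_user_id(user_id):
    """Return (tenant, user) for 'Tenant\\user'; tenant is None if no prefix."""
    tenant, sep, name = user_id.partition("\\")
    return (tenant, name) if sep else (None, user_id)


def role_prefix(role_id):
    """Return the object ID prefix, assumed to be the part before the first dot."""
    return role_id.partition(".")[0]


def audit(assignments):
    """Return a sorted list of (user, role, finding) tuples."""
    findings = []
    for a in assignments:
        user, role = a["user"], a["role"]
        tenant, _ = split_user_id(user)
        prefix = role_prefix(role)
        if prefix != prefix.lower():
            findings.append((user, role, "role-prefix-not-lowercase"))
        if tenant is None:
            findings.append((user, role, "user-without-tenant-prefix"))
        elif tenant.lower() != prefix.lower():
            findings.append((user, role, "cross-tenant-assignment"))
        if MANAGE_ROLES in a["actions"]:
            # Holder can assign every role in the tenant, including to themselves.
            findings.append((user, role, "can-assign-all-tenant-roles"))
    return sorted(findings)


if __name__ == "__main__":
    for user, role, finding in audit(SAMPLE):
        print(f"{finding:30} {user} -> {role}")
```

Each finding is a prompt for review rather than proof of a misconfiguration; a global administrator without a tenant prefix may hold a tenant role legitimately.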

 
