Role Assignment (SAP-Bibliothek - Integrated User and Access Management)

Role Assignment

Use

The role assignment function in the portal allows you to assign roles to users and groups. The roles you assign to a user or group should reflect their function in the company. You can assign either portal roles or UME roles.

Portal roles define how content is grouped together and how it is displayed in the portal. By assigning a portal role to a user or group, you define which content that user or group sees in the portal

UME roles define a set of authorizations. By assigning a UME role to a user or group, you grant the set of authorizations that the role defines to the user or group.

In the portal, we recommend that you work with portal roles. For more information, see Strukturlink UME Roles and Portal Roles.

Achtung

You should not assign roles that are in the SAP namespace, for example, roles that begin with com.sap.portals. You should only assign users to delta links of roles that are in the SAP namespace. This prevents your changes being overwritten when you upgrade your portal. For more information, see Strukturlink Delta Links and SAP Content Objects.

By default, roles that contain the sap namespace com.sap.portals are not displayed in the role assignment function.

Integration

Role assignment is part of the User Administration role.

Hinweis

You can also assign UME roles and portal roles to users and groups using the standalone UME Web tool. Unlike the portal role assignment function, this tool does not check for the role assigner permission.

Prerequisites

· To use the Role Assignment function, you must be assigned to a portal role that contains the role assignment iView, for example, the Super Administrator, User Administrator, or Delegated User Administrator roles.

· To be able to assign a portal role to a user or group, you must have role assigner permission on the role that you want to assign. You assign role assigner permission to portal roles in the portal using the Permission Editor. For more information, see Strukturlink Role Assigner Permission.

Hinweis

Administrators assigned to the Super Administration or User Administration roles can assign all portal roles to users and groups. This is because these roles contain the UME.Manage_All action which implicitly provides role assigner permissions for all portal roles

· To be able to assign UME roles to users and groups, you need the UME action UME.Manage_Roles or UME.Manage_All.

Achtung

You should never assign the UME.Manage_Roles action to delegated user administrators, otherwise they can assign themselves the Administrator role and gain full administration rights on the J2EE Engine

Hinweis

As of NetWeaver ’04 SP11, you no longer require the UME.Manage_Users action to be able to assign users to roles.

Features

In the role assignment function, you can assign users and groups to roles, or inversely, assign roles to users and groups. You can search for users, groups or roles. The roles displayed in the role assignment function are both portal roles and UME roles.

Users and groups assigned to a role inherit the permissions of the role. By default this is end user permission. If you wish to change the permissions of the role, see Strukturlink Setting Permissions.

Properties of the Role Assignment Function

You can customize the role assignment function by changing the properties of the role assignment iView. The following table provides a list of the properties.

Property	Value	Description
Max Hits	Default value is 200. If you set the value to 0, all hits are displayed.	Defines how many hits are displayed when you search for a user, group, or role.
excludePcdRoles	Default value is com.sap.portal..	All roles whose ID begins with the value of this property are not displayed in the role assignment function. The default value of com.sap.portal. ensures that all roles in the SAP namespace are not displayed, as these roles should not be assigned to users.
user.searchAttributes	Comma-separated list. Default value is uniquename.	Defines which attributes are used to search for users.
group.searchAttributes	Comma-separated list. Default value is uniquename,description.	Defines which attributes are used to search for groups.
role.searchAttributes	Comma-separated list. Default value is uniquename.	Defines which attributes are used to search for roles.

Activities

Starting the Role Assignment Function

You start role assignment, by choosing User Administration ® Roles in the portal.

Changing the Properties of the Role Assignment Function

To change any of the properties listed above, proceed as follows:

1. In the portal, choose Content Administration ® Portal Content.

2. In the Portal Content Catalog, find the User Administration role that you use in your company. For example, this could be:

¡ Portal Content ® Portal Administrators ® User Administrators ® User Admin

¡ Portal Content ® Portal Administrators ® Super Administration ® Super Administrator

3. Click on the user administration role with the secondary mouse button and choose Open ® Object.

4. In the editor, navigate to the role assignment page.

In the delivered roles, it is at User Administration ® Roles ® Roles.

5. Open the page for editing by selecting the page and choosing Edit.

The page editor appears.

6. Select the Roles iView in the list and choose Properties.

The property editor for the Roles iView appears.

7. In Property Category, choose Show All.

8. Change the properties as required.

9. Save your changes.

For more information about using the Property Editor, see Strukturlink Editing iView Properties.