Delegating Administration Tasks

Purpose

Once tenants have been set up in the portal, certain portal administration tasks can be distributed to tenant administrators. Delegated tenant administrators can then be responsible for managing users and content in the portal for their respective tenant only.

The concept of delegating administration tasks in a multitenant portal is based on the same functionality supported by a standard SAP NetWeaver Portal installation (see Delegated Administration in the Portal Administration Guide). However, due to the inherent security risks resulting from running multiple customers in a single portal infrastructure, you need to impose several restrictions to ensure that the users and data for each tenant are isolated from other tenants. 

Note

Tenant administrators are assigned to a single tenant only. Global administrators, depending on their permissions, can have privileges to maintain either all or no tenants.

 

Integration

When a tenant is created in the portal, two delegated administration roles are automatically created for each tenant: a user administration role and a content administration role (see Initial Folders, Content, and Permissions for Tenants). You can use these roles as they are, modify them, or replace them with self-created roles. For the recommended distribution of administration tasks across global and tenant administration roles in a multitenant portal environment, see Administrator Types in a Multitenant Portal. If you intend to use these delegated administration roles, you need to assign them to specific tenant users.

By default, the standard system administration role supplied with the portal is not offered to tenant administrators. This role contains tools that directly and indirectly compromise cross-tenant security, such as the ability to access users and content of other tenants, and to deploy portal applications with potential hacking capabilities. You can create a new tenant administration role or extend an existing one to include certain system administration tools that are permission-enabled or that do not pose a security threat across tenants, such as the Portal Desktop Editor, Portal Display Rules Editor, and Theme Editor.

 

See Also

If you want to manually create additional user or content administration roles for tenants, see the following:

· Creating Tenant User Administrators

· Creating Tenant Content Administrators

For detailed information on performing user management and content administration in the portal, see:

· Managing Users, Groups, and Roles

· Content Administration for Portal Tenants

 
