UME Roles and Portal Roles
In the portal, you can manage both user management engine (UME) roles and portal roles. Both types of roles determine what users can do, but each with a different focus. The following table lists the main differences between these types of roles.
|
UME Roles |
Portal Roles |
|---|---|
|
Are a container for UME actions (actions are sets of Java permissions). |
Are a container for portal content (iViews, worksets, folders, and so on). |
|
Define a set of authorizations. By assigning a UME role, you define what authorizations a user has to run applications on SAP NetWeaver Applications Server (AS) Java. The authorizations are defined by the UME actions in the role. |
Defines how content is grouped together and how it is displayed in the portal. By assigning a portal role to a user or group, you define which content a user sees in the portal. Like UME roles, you can assign UME actions to portal roles. |
|
Are stored in the user management tables of the database of the AS Java. |
Are stored in the Portal Content Directory tables of the database of the AS Java. |
|
Are created with identity management. |
Are created with the Role Editor of the Portal Content Studio. |
|
Protect access to applications on the AS Java. |
Constitute a small part of the authorization concept of the portal. When you assign a portal role to a user or group, they get end user permission on the role. You can define role assigner permission on a portal role. Users or groups that are granted role assigner permission on a portal role can assign the portal role to users or groups. |
In the portal, we recommend that you work with portal roles.
Tools
The tools needed to manage UME and portal roles are identity management and the Portal Content Studio. The following table lists some of the differences in the use of these tools.
|
Activity |
Identity Management |
Portal Content Studio |
|---|---|---|
|
Create and edit roles |
UME roles |
Portal roles |
|
Assign UME actions |
UME roles and portal roles |
None |
|
Assign roles to users and groups |
UME roles and portal roles |
None. Can assign portal permissions for PCD objects to users and groups. |
To perform these activities you need the required permissions.
For more information, see the following:
Carmen Fernandez is assigned to the UME role Administrator and no other role. She has full administrator authorizations on the AS Java, but does not see any content in the portal. In contrast, Oleg Semenov is assigned to the portal Super Administrator role. He can see all the administrator functions when he logs on to the portal, and he has the corresponding authorizations on the AS Java.