Delegating administration is the process of "distributing" the administrative tasks and content in the portal to dedicated administrators. This decentralizing capability allows you to selectively assign the tools, tasks, and content in the portal to individual administrators, based on their area of responsibility. This solves the problem of exposing administrators to the portal's entire set of administration tools and restricted company data, which is common in an environment where the tools and content are centralized and access cannot be controlled.
Delegating control and access over all portal components is made possible using the portal's object-based model (see How Are Portal Objects Linked? ).
Delegated administration enables you to do the following:
To customize the portal administration framework according to your business scenario.
To control the distribution and access of portal-related administrative tasks and content, thus reducing total cost of ownership (TCO) significantly. This is a key factor for any global enterprise.
To manage large-scale portal implementations.
To supervise the subsets of an organization's portal, thus relieving administrative bottlenecks.
SAP NetWeaver Portal offers fully customizable delegated administration, with user permissions, at the level of:
roles and worksets
portal objects in the Portal Content Directory (PCD)
users
1. Delegating Administration Roles
All administrative tools available in the portal are in effect iViews, which are subsequently integrated into task-oriented worksets. In an off-the-shelf installation of SAP NetWeaver Portal, these worksets are assigned to predefined sub-administration roles. See Understanding Preconfigured Portal Roles .
The preconfigured administration roles and worksets serve the following purposes:
To deliver the portal administration tools as modular building blocks, thus providing the flexibility to address any variation of administrative tasks typically performed by one and the same administrator or group of administrators.
To provide an example resembling how one would structure the delegation of administration tasks.
Since the preconfigured administration roles follow the standard SAP role concept, you can quickly adapt the preconfigured task delegation based on your own administration roles or vice versa to suit your environment.
For more information about configuring roles and worksets, see Creating and Editing Freestyle Roles and Worksets .
2. Delegating Portal Content Administration
SAP NetWeaver Portal also enables the assignment of delegated administration at the level of the Portal Catalog.
The Portal Catalog can include the following portal objects:
Content objects (iViews, pages, layouts, roles, worksets, packages)
System landscape objects
Knowledge management objects (resources, taxonomies)
The Portal Catalog organizes portal objects, including the content objects, in a hierarchical tree structure. You can set permissions to a tree node, such as a folder containing a group of iViews, or per object. Permissions are inherited to the child objects below a given node. Permissions include the editing and read capabilities of objects.
You assign permission to folders and objects per role, user group, or user; and thus define who is responsible for object customization and who is able to just view objects. For more information, see Permission Levels .
For information about assigning user, group, and role permissions to folders and objects in the Portal Catalog, see Portal Permissions .
After the initial deployment of the portal, one of the first tasks of the super administrator is to assign the standard content shipped with the portal to the relevant administrators that have been defined in the system.
3. Delegating User Administration
Delegated user administration allows you to distribute user administration between several administrators so that each administrator is responsible for a particular group of users and has access to a subset of roles. For example, you can designate one user administrator for each business area in your company, such as sales, marketing, and development. Each delegated user administrator can create, modify, and delete users only in the business area that he or she is responsible for, and can only assign roles for which he or she has the appropriate permissions. In addition, an overall user administrator has user administration rights for all users in the portal.
By default, the portal is not configured for delegated user administration. For more information about delegated user administration and how to configure it, see Configuring Delegated User Administration Using Companies .
4. Separating Role Creation and Role Assignment Capabilities
SAP NetWeaver Application Server (AS) Java enables you to create user administrators with separate role creation and role assignment capabilities. This is important both for compliance reasons and for ensuring the security of your system by preventing abuse from a single administrator.
For more information, see Segregation of Duties .