Permission Model

Use

Access to portal content is controlled via permissions, which are set by the portal administrator.

One mechanism for controlling access to portal components and services in the portal is via security zones, as follows:

Developers assign their components and services to a security zone, by specifying the security zone in the portalapp.xml .
Once the components and services are deployed to the portal, a portal administrator assigns permissions on the security zone. The permissions of a security zone control access to all components and services in that security zone.

The security zone for a component or service is specified by the following portalapp.xml properties:

Vendor (vendor ID such as com.sap ), the default is UndefinedVendor
SecurityArea (such as NetWeaver.Portal ), the default is UndefinedSecurityArea
SafetyLevel (such as high_safety ), the default is UndefinedSafetyLevel

The portal system administrator sets the permission for each security zone, and all components and services in the zone inherit these permissions.

Note

A service's permission only affects access to the service when exposed as a Web service. All components, no matter the user who generated the request, have permission to access all services.

For more information on security zones, see Security Zones .

For more information on portal permissions, see Portal Permissions .

Process

Setting the Security Zone

The security zone for a component is defined by properties in two places in the deployment descriptor ( portalapp.xml ) file for the application in which the component is deployed:

<application-config>: The Vendor and SecurityArea properties set the vendor ID and security area for all components in the application.

                     <application-config>
                       <property name="Vendor" value="sap.com"/>
                       <property name="SecurityArea" value="MyCompany"/>
                     </application-config>

<component-config>: The SafetyLevel property for each component sets the safety level for that component.

                     <component-config>
                       <property name="ClassName" value="com.sap.portal.myComponent"/>
                       <property name="SafetyLevel" value="low_safety"/>
                     </component-config>

During deployment, an application's components and services are placed in the appropriate security zone, as defined in the portalapp.xml . A portal administrator can then modify the permissions on the security zone or on the component or service.

Note

Content developers and portal administrators should work together in determining what security zones to create and in which security zones to place each component and service.

Changing the Security Zone

To change the security zone for a deployed component or service, change the Vendor , Security Area and Safety Level properties in the portalapp.xml file and redeploy the application.