Assigning Users to Remote Roles 
Content usage mode: remote role assignment Applies to: consumers
The functionality described in this topic is not available in an SAP NetWeaver Composition Environment system. End of the note. |
This topic describes how a user administrator on an SAP NetWeaver consumer portal can assign local users or groups to remote roles (or remote roles to local users and groups) that exist on an SAP NetWeaver producer portal.
Prerequisites
An FPN connection, which pairs the consumer portal with producer portal, exists.
The consumer portal is registered with the producer portal.
The same user base exists on both producer and consumer portals.
The user administrator on the consumer portal has been assigned role assigner permission to the remote role, by the system administrator or content administrator on the producer portal. For more information, see Exposing Roles on the Producer for 'Remote Role Assignment' Usage.
You have access to Identity Management tool on the consumer portal. It is available by default in the standard User Admin or Delegated User Admin roles in the portal.
NoteYou can also work with the Identity Management tool as standalone console or in the SAP NetWeaver Administrator, as long as the remote producer portal is running. For more information, see Identity Management.
End of the note.You have been assigned at least administrator read permission to the FPN connection that represents the remote producer portal on which the remote roles reside. For more information, see Assigning Administrator Permissions to FPN Connections.
Procedure
To perform remote role assignment, use the Identity Management tool to select a remote role and then assign local users or groups to it, or select a local user or group and then assign a remote role to it. See instructions below.
Assigning Users/Groups by Role
On the consumer portal, navigate to
User Administration 
Identity Management 
.In the Get field, search for the remote role.
NoteUse the dropdown list adjacent to the Get field to specify the search scope for the remote role:
To search local data sources and all registered producers, choose All Data Sources.
To search only registered producers, choose Remote Data Sources.
To select a specific producer, choose it. Each producer portal is identified by its producer alias.
End of the note.Select the role to display its details.
Edit the role.
In the Assigned Users or Assigned Groups tab, search for the local users or groups you want to add to the role.
Assign the appropriate users and groups to the role.
Save your changes.
Assigning Roles by User/Group
On the consumer portal, navigate to
User Administration Identity Management .In the Get field, search for the local user or group.
Note that in the dropdown list adjacent to the Get field, All Data Sources refers only to local data sources.
Select the user or group to display its details.
Edit the user or group.
In the Assigned Roles tab, search for the remote role to which you want to assign the user or group.
NoteUse the dropdown list adjacent to the Get field to specify the search scope for the remote role.
End of the note.Assign the appropriate roles to the user or group.
Save your changes.
For general information about assigning roles to users, see Assigning Portal Roles to Users and GroupsAssigning Roles to Users and Groups.
Result
You have assigned local users to a remote role residing on another SAP NetWeaver producer portal. Users assigned to that role will receive content that is rendered at runtime by the remote producer portal.
Caution
If the remote content accesses a producer-side backend system that requires authentication, you need to set up trust between the remote backend system and your portal. For general information about setting up trust between SAP NetWeaver Portal and an SAP system, see Accepting Logon Tickets Issued by the AS Java.