Show TOC

Process documentationPermission Model Locate this document in the navigation structure

 

Access to portal content is controlled via permissions, which are set by the portal administrator.

One mechanism for controlling access to portal components and services in the portal is via security zones, as follows:

  1. Developers assign their components and services to a security zone, by specifying the security zone in the portalapp.xml.

  2. Once the components and services are deployed to the portal, a portal administrator assigns permissions on the security zone. The permissions of a security zone control access to all components and services in that security zone.

The security zone for a component or service is specified by the following portalapp.xml properties:

  • Vendor Name (such as com.sap), the default is UndefinedVendor

  • Security Area (such as NetWeaver.Portal), the default is UndefinedSecurityArea

  • Safety Level (such as high_safety), the default is UndefinedSafetyLevel

The portal system administrator sets the permission for each security zone, and all components and services in the zone inherit these permissions.

Note Note

A service's permission only affects access to the service when exposed as a Web service. All components, no matter the user who generated the request, have permission to access all services.

End of the note.

For more information on security zones, see Security Zones.

For more information on portal permissions, see Portal Permissions.

Process

Setting the Security Zone

The security zone for a component is defined by properties in two places in the deployment descriptor (portalapp.xml) file for the application in which the component is deployed:

  • <application-config>: The Vendor and SecurityArea properties set the vendor name and security area for all components in the application.

    Syntax Syntax

    1. <application-config>
    2.   <property name="Vendor" value="sap.com"/>
    3.   <property name="SecurityArea" value="MyCompany"/>
    4. </application-config>
    End of the code.

  • <component-config>: The SafetyLevel property for each component sets the safety level for that component.

    Syntax Syntax

    1. <component-config>
    2.   <property name="ClassName" value="com.sap.portal.myComponent"/>
    3.   <property name="SafetyLevel" value="low_safety"/>
    4. </component-config>
    End of the code.

During deployment, an application's components and services are placed in the appropriate security zone, as defined in the portalapp.xml. A portal administrator can then modify the permissions on the security zone or on the component or service.

Note Note

Content developers and portal administrators should work together in determining what security zones to create and in which security zones to place each component and service.

End of the note.
Changing the Security Zone

To change the security zone for a deployed component or service, change the Vendor Name, Security Area and Safety Level properties in the portalapp.xml file and redeploy the application.