Assigning Users to Remote Roles
Applicable to: remote role assignment
Use
This topic describes how you assign local users or groups on your consumer portal to remote roles and vice versa.
Prerequisites
● You have added the producer portal, tested the connection, and registered your portal as a consumer.
● The same user base exists on both producer and consumer portals.
● You have been assigned role assigner permission to the remote role by the system administrator or content administrator on the producer portal. For more information, see Exposing Roles on the Producer for 'Remote Role Assignment' Usage.
● You have access to Identity Management tool on the consumer portal. It is available by default in the standard User Admin or Delegated User Admin roles in the portal.
You can also
work with the Identity Management tool as stand-alone console or in the SAP
NetWeaver Administrator, as long as the remote producer portal is running. For
more information, see
Identity
Management.
● A role exists on the producer portal to which the following UME actions and user have been assigned:
○ UME actions: Remote_Producer_Write_Access and Remote_Producer_Read_Access
○ User: pcd_service
For more information, see Setting Permissions on the Producer for 'Remote Role Assignment'.
● You have been assigned at least administrator read permission on the producer object that represents the portal from which the remote role originates. For more information, see Assigning Administrator Permissions to Producer Objects.
Procedure
To perform remote role assignment, use the Identity Management tool to select a remote role and then assign local users or groups to it, or select a local user or group and then assign a remote role to it. See instructions below.
Alternatively, you can bypass the Identity Management tool by using an XML script to perform remote role assignments from the consumer. For more information, see Using XML to Automate Federated Portal Network Tasks.
Assigning Users/Groups by Role
...
1. On the consumer portal, navigate to User Administration → Identity Management.
2. In the Get field, search for the remote role.
Use the dropdown list adjacent to the Get field to specify the search scope for the remote role:
■ To search local data sources and all registered producers, choose All Data Sources.
■ To search only registered producers, choose Remote Data Sources.
■ To select a specific producer, choose it. Each producer portal is identified by its primary producer alias.
3. Select the role to display its details.
4. Edit the role.
5. In the Assigned Users or Assigned Groups tab, search for the local users or groups you want to add to the role.
6. Assign the appropriate users and groups to the role.
7. Save your changes.
Assigning Roles by User/Group
...
1. On the consumer portal, navigate to User Administration → Identity Management.
2. In the Get field, search for the local user or group.
Note that in the dropdown list adjacent to the Get field, All Data Sources refers only to local data sources.
3. Select the user or group to display its details.
4. Edit the user or group.
5. In the Assigned Roles tab, search for the remote role to which you want to assign the user or group.
Use the dropdown list adjacent to the Get field to specify the search scope for the remote role.
6. Assign the appropriate roles to the user or group.
7. Save your changes.
For general information about assigning roles to users, see Assigning Roles to Users and Groups.
Result
You have assigned local users to a remote role residing on another NetWeaver producer portal. At runtime, users assigned to that role will receive content rendered by the remote producer portal.
If the remote
content accesses a producer-side backend system that requires authentication,
you need to set up trust between the remote backend system and your portal.
For general information about setting up trust between SAP NetWeaver Portal
and a SAP system, see
Configuring SAP Web AS
ABAP to Accept Logon Tickets from the J2EE Engine.