Role Assignment
Use
The identity management function in the portal allows you to assign roles to users and groups. The roles you assign to a user or group should reflect their function in the company. You can assign either portal roles or UME roles.
Portal roles define how content is grouped together and how it is displayed in the portal. By assigning a portal role to a user or group, you define which content that user or group sees in the portal
UME roles define a set of authorizations. By assigning a UME role to a user or group, you grant the set of authorizations that the role defines to the user or group.
In the portal, we
recommend that you work with portal roles. For more information, see
UME Roles and Portal
Roles.
You should not
assign roles that are in the SAP namespace, for example, roles that begin with
com.sap.portals. You should only assign users to delta links of
roles that are in the SAP namespace. This prevents your changes being
overwritten when you upgrade your portal. For more information, see
Delta Links and SAP
Content Objects.
By default, roles that contain the sap namespace com.sap.portals are not displayed in the role assignment function.
Integration
Identity Management is part of the User Administration role.
Prerequisites
· To use the identity management function, you must be assigned to a portal role that contains the role assignment iView, for example, the Super Administrator, User Administrator, or Delegated User Administrator roles.
·
To assign a portal
role to a user or group, you must have role
assigner permission on the role that you want to assign. You assign
role assigner permission to portal roles in the
portal using the Permission Editor. For more information, see
Role Assigner
Permission.
Administrators assigned to the Super Administration or User Administration roles can assign all portal roles to users and groups. This is because these roles contain the UME.Manage_All action which implicitly provides role assigner permissions for all portal roles
· To assign UME roles to users and groups, you need the UME action UME.Manage_Roles (in addition to UME.Manage_Users or UME.Manage_Groups) or UME.Manage_All.
You should never assign the UME.Manage_Roles action to delegated user administrators, otherwise they can assign themselves the Administrator role and gain full administration rights on the J2EE Engine
Features
In the identity management function, you can assign users and groups to roles, or inversely, assign roles to users and groups. You can search for users, groups or roles. The roles displayed in the role assignment function are both portal roles and UME roles.
Users and
groups assigned to a role inherit the permissions of the role. By default this
is end
user permission.
To change the permissions of the role, see
Setting
Permissions.
Activities
Starting the Identity Management Function
To start role assignment, choose User Administration →Identity Management in the portal.
Changing the Properties of the Identity Management Function
To change the Identity Management properties, proceed as follows:
1. In the portal, choose Content Administration → Portal Content.
2. In the Portal Content Catalog, find the User Administration role that you use in your company. For example, this could be:
¡ Portal Content → Portal Administrators → User Administrators → User Admin
¡ Portal Content → Portal Administrators → Super Administration → Super Administrator
3. Click on the user administration role with the secondary mouse button and choose Open → Object.
4. In the editor, navigate to the identity management page.
In the delivered roles, it is at User Admin → User Administration → Identity Management.
5. Open the page for editing by selecting the page and choosing Edit.
The page editor appears.
6. In Property Category, choose Show All.
7. Change the properties as required.
8. Save your changes.
For more
information about using the Property Editor, see
Editing iView
Properties.