Administrators can map SAP Mobile Platform logical roles to physical roles
that are defined in your identity management back-end systems. They can also edit existing
role mappings. A set of role mappings exists for each security
In Management Cockpit, select
, and select a security profile.
SAP Mobile Platform logical roles map to physical
roles that are defined in the back-end system; two exceptions are:
Impersonator – maps only to the certificate that the reverse proxy uses to
Notification User – can map to both physical roles and to the certificate of
a user who has been authenticated by an X.509 User Certificate provider.
Valid certificate file extensions are .cer,
.crt, .der, and
- Click to the left of the security profile name, click Role
Mapping, and select the logical role to edit.
- Under Available Roles, select a physical role to map to the logical role, and click
Add; to map all roles, click Add
- (Optional) To unmap a role, select the role under Mapped Roles, and click
Remove; to unmap all roles, click Remove
- To map either the Impersonator role or the Notification User role to a
- Click Browse, select the certificate file, and
- In the Available Roles list, select the certificate, and click
Add to move it to the Mapped Roles list.
- Save your changes, and close the dialog.
If your server is running in a cluster, changes are synchronized across the