
Mapping Logical Roles to Physical Roles

Administrators can map SAP Mobile Platform logical roles to physical roles that are defined in your identity management back-end systems. They can also edit existing role mappings. A set of role mappings exists for each security profile.


In Management Cockpit, select Settings > Security Profile, and select a security profile.


SAP Mobile Platform logical roles map to physical roles that are defined in the back-end system; two exceptions are:
  • Impersonator – maps only to the certificate that the reverse proxy uses to authenticate.

  • Notification User – can map to both physical roles and to the certificate of a user who has been authenticated by an X.509 User Certificate provider.


Valid certificate file extensions are .cer, .crt, .der, and .pem.


  1. Click to the left of the security profile name, click Role Mapping, and select the logical role to edit.
  2. Under Available Roles, select a physical role to map to the logical role, and click Add; to map all roles, click Add All.
  3. (Optional) To unmap a role, select the role under Mapped Roles, and click Remove; to unmap all roles, click Remove All.
  4. To map either the Impersonator role or the Notification User role to a certificate:
    1. Click Browse, select the certificate file, and click Add.
    2. In the Available Roles list, select the certificate, and click Add to move it to the Mapped Roles list.
  5. Save your changes, and close the dialog.


If your server is running in a cluster, changes are synchronized across the cluster.
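
An added example (not SAP code): a check to run on a certificate file before step 4, covering the extensions listed above, PEM versus DER encoding, accidental private key material, and a SHA-256 fingerprint to compare against the one supplied with the reverse proxy or user certificate. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re
from pathlib import Path

# Extensions the page lists as valid for certificate files.
VALID_EXTENSIONS = {".cer", ".crt", ".der", ".pem"}
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed stand-in (a tiny DER SEQUENCE), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

def der_length_ok(der: bytes) -> bool:
    """True if der is a single DER SEQUENCE whose declared length fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short form: length in one byte
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_certificate_file(name: str, data: bytes) -> dict:
    """Return encoding and SHA-256 fingerprint, or raise ValueError.

    Checks the outer structure only; it does not parse X.509 fields.
    """
    if Path(name).suffix.lower() not in VALID_EXTENSIONS:
        raise ValueError(f"{name}: extension must be one of {sorted(VALID_EXTENSIONS)}")
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        labels = [label.decode() for label, _ in blocks]
        if any("PRIVATE KEY" in label for label in labels):
            raise ValueError(f"{name}: contains a private key; upload the certificate only")
        if labels != ["CERTIFICATE"]:
            raise ValueError(f"{name}: expected one CERTIFICATE block, found {labels}")
        encoding, der = "PEM", base64.b64decode(blocks[0][1])
    else:
        encoding, der = "DER", data
    if not der_length_ok(der):
        raise ValueError(f"{name}: not a well-formed DER structure")
    return {"encoding": encoding, "sha256": hashlib.sha256(der).hexdigest()}

if __name__ == "__main__":
    print(check_certificate_file("reverse-proxy.pem", SAMPLE_PEM))
```

The fingerprint is computed over the DER bytes, so the same certificate yields the same value whether it is stored as PEM or DER.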