SAP Mobile Platform includes default logical roles. These logical roles are manually mapped to physical roles in your identity management system in order to grant role-based access to SAP Mobile Platform.
The available roles and capabilities are:
Administrators interact with SAP Mobile Platform to perform high-level management. The administrator can perform all administrative operations in the SAP Mobile Platform Management Cockpit. To enable role-based access to the Management Cockpit, map the SAP Mobile Platform Administrator logical role to physical roles that exist in your security repository used for authentication and authorization.
Helpdesk operators interact with SAP Mobile Platform to review system information to determine the root cause of reported problems. Helpdesk operators have read-only access to all administration information in the SAP Mobile Platform administration console. They cannot perform any modification operations on administration console tabs, and cannot save changes made in dialogs or wizards.
Developers interact with SAP Mobile Platform to develop applications. The developer can perform development operations in the SAP Mobile Platform Management Cockpit, including application development.
The Notification User role is limited in scope. It enables sending push notifications to applications. The Notification User role invokes SAP Mobile Platform capabilities to send out notifications to clients. In SAP Mobile Platform, administrators configure the Notification security profile to determine the authentication credentials required to send push notifications. The administrator can update the Notification security profile to include any combination of authentication providers as needed. Administrators can configure the back end with a user X.509 certificate and connect to SAP Mobile Platform on its HTTPS listener configured to use mutual authentication (port 8082 by default). Once the Notification security profile is configured, you must edit the Notification-role-mapping.xml to map the Notification User logical role to the appropriate physical roles.
The Impersonator role has a narrow and specific scope. The Impersonator role establishes the trust relationship between the reverse proxy and SAP Mobile Platform Server, allowing the server to accept and authenticate the user's public certificate presented in the SSL_CLIENT_HEADER over the SSL connection established by the reverse proxy. It also enables SAP Mobile Platform to trust SSL_CLIENT_CERT headers from network edge certificate authentication.
|GenerationAndBuild.generationandbuildcontent||Generate and build operations.|
|NodeManager.deploycontent||Deploy and undeploy content operations.|