Show TOC

Protecting Access to Suite Page Builder Admin PageLocate this document in the navigation structure

Administrators should be able to access the Suite Page Builder and the Admin Page User Interface on the same host and port. In order to personalize pages, end users need access to the Suite Page Builder, but not to the admin page.

To prevent end users from accessing the admin page, you have to execute the Suite Page Builder either on two different hosts or on two different ports:
  • On one of the hosts or ports, administrators can access both the Suite Page Builder and the admin page.
  • On the other host or port, end users can access the Suite Page Builder only.

This means that in the Web Dispatcher configuration file, you have to configure two hosts or ports for the same Suite Page Builder. You can then use a modification action to forbid access to the admin page on one of these hosts or ports, or to redirect users to another page.

Example

To prevent access to the admin page using different ports, refer to the below example:
  1. Add a modification action to the SAP Web Dispatcher configuration file (sapwebdisp.pfl)
    Code Syntax icm/HTTP/mod_<xx> = PREFIX=/sap/bc/ui5_ui5/sap/ARSRVC_SPB_ADMN/,FILE=protectadmin.txt
    Note In icm/HTTP/mod_<xx>, <xx> must be specified in ascending order from 0.
  2. Define a URL access restriction in the file protectadmin.txt:
    Code Syntax
    1. # Restrict access to admin page for a specific port
    2. if %{SERVER_PORT} = <port for end user access>
    3. RegIForbiddenUrl /sap/bc/ui5_ui5/sap/ARSRVC_SPB_ADMN/(.*) -