Skip to Content

In the previous blogs of this series we have seen what the goal of FPN is overall and how you can set up the environment. You can find the link to those 2 blogs at the end of this one. Within this blog here, I would like to go deeper into the topic “How can I share content between my portals?”

As said in the previous blogs already, the federated portal network is all about linking from one portal to the content of another portal and thus creating a relation between them. SAP currently offers 3 options on how you can share content between the portals:

  • Remote Role Assignment (RRA)
  • Remote Delta Links (RDL)
  • Web Services for Remote Portlets content sharing (WSRP content sharing)

RRA and RDL can only be used for sharing content between SAP NetWeaver Portals and I am focusing on these two sharing modes in this article. WSRP can be used when federating portals from different vendors and we will cover this more in detail in a later edition of this blog series.

Before going into the details of the content sharing modes and their meaning, let me illustrate the standard content creation tasks within a portal:

  1. In some cases, like Web Dynpro Java applications, you can deploy those applications to the Application Server of the portal.
  2. You create an iView that will enable the access to an application, report, information …
  3. You build a page that contains iViews and this page defines layout and arrangement of them.
  4. You can create a workset that defines clusters of related tasks (pages + iViews and maybe some additional navigation structures).
  5. Worksets are bundled into a role which defines a person’s responsibilities and authorizations in the organization.
  6. Roles are assigned to portal users or groups.

Now, in the following paragraphs I will cover some more details on the individual content usage modes and their relation to a “classical content creation process”.

Remote Role Assignment (RRA)

As the name already indicates, we can share roles from one portal with another. On the producer portal you are going through the whole content creation process and define a role for your organization. Then in the consumer portal this role can be assigned to users through the standard user administration tools. Thus you have the majority of portal content administration steps performed on the producer portal and use the consumer portal only for providing those roles to users (see figure 1). The only option for modifying those roles slightly on the consumer portal is role merging. This means that you could define IDs that merge the navigation structure and content from different roles into one content offering for end users (more documentation on role merging is available on SAP Help: http://help.sap.com/saphelp_nw70/helpdata/en/53/89503ede925441e10000000a114084/frameset.htm)

 
Figure 1 – Remote Role Assignment: Portal Content architecture

So how does Remote Role Assignment work then? You can use the standard functionality in the portal in “User Administration „³ Identity Management”. There, since SAP NetWeaver 7.0 SPS 09 you can find a modified UI offering drop down boxes for data sources. If you have defined a producer system and alias successfully before, you can find this in the field data sources. For example you could search for all roles that you have permissions for on a specific producer portal. You can assign this role to local users on your consumer portal (see Figure 2)

 
Figure 2 – Remote Role Assignment Screenshot

One remark at the side: Behind the scenes when assigning a remote role to a user on the consumer portal those roles are assigned to the same user on the producer portal too. This is done in order to really show during runtime only content that the user has permissions for on the producer portal.

Remote Delta Links (RDL)

Remote Delta Links are following the paradigm of usual delta links, but enable using them cross-portal. With a delta link, you basically create a child of an object (e.g. iView) and can modify its properties. All non-modified properties are going to be inherited directly from the original object, thus changes on the original are reflected in the delta-linked object. All changed properties contain “broken delta-links”, thus they won’t change if the original changes. You can create remote delta links for iViews, pages, worksets and roles. This gives you the possibility to adjust the content to the needs on the consumer portal and integrate them into the local content offering (see figure 3).

 
Figure 3 – Remote Delta Links: Portal Content architecture

How does RDL creation work? If you go into the portal content directory (pcd) of your consumer portal, you could see the entry “NetWeaver Content Producers”. In there you can find the aliases of the producers that were created (see figure 4). Clicking on them will show the portal content that you are allowed to see. You can right-click on this portal content and paste it as local content into the pcd of the consumer. On the consumer you will then see a small symbol with a globe, indicating that this object is inherited from a remote location.

 
Figure 4 – Remote Delta Link Screenshot 

Remote Role Assignment vs. Remote Delta Links

After I have explained those 2 modes: Now, when should you use which one? Is Remote Role Assignment or Remote Delta Links more beneficial for you? Of course there’s no simple answer to that and it always depends on what you want to do. But here are some general guidelines and recommendations.

First of all, you should make yourself clear, in which portal you would like your content administrators to work. There might be 2 major options: Case 1 –  If you establish a federated portal network, because different departments within your company would like to work on their individual portals and share this content, then content creation activities are desirable on a producer portal. Case 2 – If you are setting up a federation due to technical reasons, like different SPS or releases should be available for the portal or you would like to distribute load, then you still would like to have the majority of content admin activities in one central place – the consumer portal. With Remote Role Assignment you can perform the full content creation process on the producer side and on the consumer you only assign those roles to users – thus this might help more in the case 1. With remote delta links you can manage the portal content, like building up navigations structure, adjust permissions to objects … on the consumer – thus it might be more desirable in case 2.

Required modifications on the consumer are an important consideration as well: If you would like to adjust content on the consumer, then Remote Delta Links provide more flexibility then Remote Role Assignment. Mergingremote roles is a valid option too, but you will come to its boundaries quite fast.

Performance might influence your decision too: If you are using remote roles you should be aware that during the initial log on of a user to consumer portal those roles will be fetched if they aren’t in the cache anymore. Thus the connection between consumer and producer will influence the logon time to the consumer portal. Remote delta linked objects will only be fetched when they are accessed by the enduser (of course only if they are not integrated into the top-level-navigation).

Moreover, the user stores connected to the portals might influence your decision too. At the moment there is an open restriction existing for remote roles: In case you are connecting different user stores to your producer and consumer portal, then you cannot assign remote roles to groups. An example for this would be a consumer portal connected to a corporate LDAP user store and the producer portal to an ABAP CUA (central user administration). Reason for this limitation is that FPN cannot make sure that the groups are identical on both user stores – even if the ID seems to be identical it’s not sure whether the contained users are consistent. This would impose a security risk otherwise. Thus remote roles can then only be assigned to individual users. In case you will face this constellation, it might be more advisable to create remote delta links of roles, paste these roles into your local pcd and then assign them to groups on the consumer portal.

There might be some more factors influencing your decision the content usage mode, but as of now these are the major ones that I encountered so far. Hope this helps when you are facing the situation that you would like to choose the right content usage mode for your scenarios.

So far for the content sharing modes Remote Role Assignment and Remote Delta Links. In the next edition of this blog series I will give you some more insights on WSRP.

 

Overview Blog Series FPN:

An Introduction to Federated Portal Network (FPN)
FPN Part II – Configuring a Federated Portal Network
FPN Part III: Sharing Content between SAP NetWeaver Portals in an FPN – this blog

To report this post you need to login first.

9 Comments

You must be Logged on to comment or reply to a post.

  1. Former Member
    Jana

    Thanks for the blog, it is very good.  We had a question though…

    Are there any changes to the user management API’s to cater for the remote assignment of roles?  If so, can you please let me know the javadoc reference for this?

    Thank you

    Bernard

    (0) 
    1. Jana Richter Post author
      Hi Bernard,

      You can do remote role assignment via the UME API, but the information like producer IDs that have to be provided are not
      accessible through public APIs. Therefore you cannot access remote roles through the UME API. Currently there are no plans to
      extend the UME API with such features.

      Best regards
      Jana

      (0) 
    1. Jana Richter Post author
      Hi Marcel,

      in my next blog I will cover this more in detail. Up to now you can find the latest information on WSRP here in SDN at WSRP Application Sharing . WSRP support is available in SAP NetWeaver 7.0 since SPS 9. JSR 168 is currently only supported in SAP NetWeaver CE 7.1.

      Best regards
      Jana

      (0) 
  2. Former Member
    Jana, this weblog series is a clear introduction on the topic, and it has shed light on several doubts I had. Thank you.

    Just one issue.

    Although you just show how to build a FNP when using NW 7.0, you talk about the possibility of different NW portal releases in a FNP (in 1st as well as in the 3rd weblog):

    “[…] there are needs for different portals that run on different releases or SP Stacks […]”

    “[…] If you are setting up a federation due to technical reasons, like different SPS or releases should be available for the portal […]”

    However, I read the following in the Business Explorer Suite and NetWeaver Portal Integration FAQ:
    http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000683769&_SCENARIO=01100035870000000112&_OBJECT=011000358700006358642006E

    “Q. Is it possible to use an SAP EP 6.0 Portal with a federated portal?
    A. No. Only SAP NetWeaver 7.0 (2004s) BI Portals support the federated portal approach. An SAP EP 6.0 Portal could not be a consumer or producer portal in a federated portal system landscape.”

    Therefore I wonder whether a FNP with different portal releases is indeed feasable.

    Thanks & Regards, Davide

    (0) 
    1. Jana Richter Post author
      Hi Davide,

      we are starting with SAP NetWeaver 7.0 to provide FPN functionality. With SAP NetWeaver Composition Environment 7.1 (currently under ramp-up) we have the first release where you run two portals in a federation in different release cycles. There the 7.0 portal is a consumer portal of content provided by an CE 7.1 producer portal. In the future we will follow this direction, of course.

      Best regards
      Jana

      (0) 
  3. Former Member
    Hi Jana,

    Thank you for your really instructive blogs. I have a question related to RRA and RDL.

    How can we build links on html pages rendered in an iView to go to another workset using remote role assignment? I tried absolute, relative and object based navigation but when clicked from my consumer portal, it brings me to the section in the producer portal.

    How to have a click on a link affecting navigation on the consumer and not on the producer?

    Thank you!
    Renaud

    (0) 
  4. Former Member
    We wish to take advantage of composites developed in CE, can we use CE as our main consumer portal?  I see many use cases describing 7.0 as primary consumer portal with CE as a producer portal, is this use case optional or required?  Can 7.1 consume 7.0 content?
    (0) 
  5. Former Member
    Hi Jana,

    I have been working on EP for more than a year.
    I usually import Portal Certificate in R/3 for SSO and it does me the work.

    Now in this case, Portal to Portal do we have to exchange the certificates of both to each other or will Consumer certificate import to Producer portal will do for me in this scenario?

    Please advice.

    Regards,
    Dipesh

    (0) 

Leave a Reply