Skip to Content
Author's profile photo Former Member

Easy Enterprise Portal User administration by Portal to ABAP role mapping

1.  Introduction

          This document describes the step by step procedure on how the portal groups are mapped to backend SAP ABAP roles. With this mapping, it helps to govern the User administration quiet easily that to only from backend – SAP ABAP side.

Note: This mapping can only be achieved when the UME (User Management Engine) of the portal is configured as SAP ABAP.

Target readers: SAP Security and SAP Enterprise Portal Consultants

Keywords: SAP Security, User administration, Portal group, Mapping of SAP roles to groups, EP

2.  Mapping between Portal Group & SAP ABAP roles

    

     Below gives the step-by-step procedure on how the mapping is done between Portal Groups & SAP ABAP roles.

     Search the Portal Group which needs mapping to an R/3 role. Remember this mapping is in one-to-one relationship, but a Portal Group can have many Portal roles.

/wp-content/uploads/2013/09/1_282279.png

     Select the Portal group searched above as indicated in blue arrow, then you would get the Details of this group on the below half of the screen. Click on the Modify button. Go on the tab ‘Assigned Child Groups’; search the SAP R/3 role to be assigned to this Group. Select the available roles from left box & ‘Add’ them to the Assigned Roles box at right. Once done click on ‘Save’ button.
Here you can observe that the SAP role you have searched would have the Data Source as ‘R3_ROLE_DS’.

/wp-content/uploads/2013/09/2_282280.png

3. User Administration Only from the SAP ABAP system

    

With the above Portal group – SAP role mapping, it becomes easier to manage the User Creation/ Maintenance & Role assignment part for any user from SAP ABAP (backend) front only. There would be no need to login to portal for any user maintenance.

Create a user in the backend SAP ABAP system of this linked portal (where mapping is done), this user would be automatically get shown on the portal with the same credentials.

If any modification of any user is performed, the same would be reflected on the portal.

Below shows screen-prints of a user created with the SAP ABAP role – ZTEST_MAPPING_ROLE assigned to his account in SAP ABAP backend systems.

We have mapped this role already to portal group: TEST_GROUP_SUPER_ADMIN above in point 2.

/wp-content/uploads/2013/09/3_282360.png

    

     The above user Id – ZTEST_ADMIN is now reflected in the corresponding portal.

/wp-content/uploads/2013/09/4_282361.png

If we check the ‘Assigned Roles’ & ‘Assigned Groups’ tab of this user, it shows the corresponding Portal Roles & Groups assigned. This is automatically assigned through the role-group mapping done in section 3.

Note:  Always make sure to check the Search Recursively checkbox for every search.

/wp-content/uploads/2013/09/5_282365.png

* Here, the other 2 roles (Everyone and BPEM End User) are automatically assigned for every user on portal which depends upon the condiguration of portal.

In below screen-print; we would see that the SAP ABAP role – ZTEST_MAPPING_ROLE and portal group – TEST_GROUP_SUPER_ADMIN is assigned with data source UME & R3_ROLE_DS respectively.

* The other two are the build-in groups which are assigned to every user on the portal.

/wp-content/uploads/2013/09/6_282366.png

With this we see how we can ease the User administartion activities by mapping the portal roles/groups to SAP ABAP roles.

Assigned tags

      7 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Ganugapenta Pradeep Kumar
      Ganugapenta Pradeep Kumar

      Good work Daya 🙂

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Thanks Pradeep

      Author's profile photo Former Member
      Former Member

      Thanks for sharing

      Author's profile photo Former Member
      Former Member

      Thanks Dayanand for sharing this.

      However let me remark this procedure is not specific for Portal but you can use it for Java stacks in general as long as UME is pointed to ABAP. For uploading real portal roles from ABAP you can use as well the Role Upload functionality within Portal. For more information please go here:

      http://help.sap.com/saphelp_nw73/helpdata/en/d6/7859ec80df46738e23ccb4f4c8c502/frameset.htm

      Regards,

      José M. Prieto

      Author's profile photo Former Member
      Former Member
      Blog Post Author

      Thanks Jose for sharing the info.

      Yes, I agree - this can be used for other functionalities too where UME is pointing to ABAP.

      Author's profile photo Former Member
      Former Member

      Thats Good Document...

      Author's profile photo Former Member
      Former Member

      Can somebody tell me if it is still possible with this configuration to assign ABAP roles via the portal when you have an automatic role assignment through ABAP?

      Thanks in advance.