This document describes the step by step procedure on how the portal groups are mapped to backend SAP ABAP roles. With this mapping, it helps to govern the User administration quiet easily that to only from backend – SAP ABAP side.
Note: This mapping can only be achieved when the UME (User Management Engine) of the portal is configured as SAP ABAP.
Target readers: SAP Security and SAP Enterprise Portal Consultants
Keywords: SAP Security, User administration, Portal group, Mapping of SAP roles to groups, EP
2. Mapping between Portal Group & SAP ABAP roles
Below gives the step-by-step procedure on how the mapping is done between Portal Groups & SAP ABAP roles.
Search the Portal Group which needs mapping to an R/3 role. Remember this mapping is in one-to-one relationship, but a Portal Group can have many Portal roles.
Select the Portal group searched above as indicated in blue arrow, then you would get the Details of this group on the below half of the screen. Click on the Modify button. Go on the tab ‘Assigned Child Groups’; search the SAP R/3 role to be assigned to this Group. Select the available roles from left box & ‘Add’ them to the Assigned Roles box at right. Once done click on ‘Save’ button.
Here you can observe that the SAP role you have searched would have the Data Source as ‘R3_ROLE_DS’.
3. User Administration Only from the SAP ABAP system
With the above Portal group – SAP role mapping, it becomes easier to manage the User Creation/ Maintenance & Role assignment part for any user from SAP ABAP (backend) front only. There would be no need to login to portal for any user maintenance.
Create a user in the backend SAP ABAP system of this linked portal (where mapping is done), this user would be automatically get shown on the portal with the same credentials.
If any modification of any user is performed, the same would be reflected on the portal.
Below shows screen-prints of a user created with the SAP ABAP role – ZTEST_MAPPING_ROLE assigned to his account in SAP ABAP backend systems.
We have mapped this role already to portal group: TEST_GROUP_SUPER_ADMIN above in point 2.
The above user Id – ZTEST_ADMIN is now reflected in the corresponding portal.
If we check the ‘Assigned Roles’ & ‘Assigned Groups’ tab of this user, it shows the corresponding Portal Roles & Groups assigned. This is automatically assigned through the role-group mapping done in section 3.
Note: Always make sure to check the Search Recursively checkbox for every search.
* Here, the other 2 roles (Everyone and BPEM End User) are automatically assigned for every user on portal which depends upon the condiguration of portal.
In below screen-print; we would see that the SAP ABAP role – ZTEST_MAPPING_ROLE and portal group – TEST_GROUP_SUPER_ADMIN is assigned with data source UME & R3_ROLE_DS respectively.
* The other two are the build-in groups which are assigned to every user on the portal.
With this we see how we can ease the User administartion activities by mapping the portal roles/groups to SAP ABAP roles.