Skip to Content

This blog is part of a series which is related to setting up Cloud Identity to authenticate Cloud Portal in different scenarios.

In the previous blogs, we had a look at how to use Social Media login to gain access to SAP applications using SCI. In this blog, I am going to show how you can manage and assign Portal roles based on the way in which the user profiles are created in SCI. The Cloud Portal (based on Fiori Launchpad) has catalogs and groups which contain the applications. These applications are shown as tiles to the user. Based on the user logging into the Portal, relevant tiles will be displayed to them via the corresponding catalogs/groups. I am going to take an example of two roles – Employee and Manager.

Create a Portal Site

The first step is to create new Portal site using the Portal Service.


Provide a name as Self-Service and select the template “SAP Fiori Launchpad”


From the menu, select “Catalog” and create two catalogs – one for Employee and another for Manager.


Ignore the warning message against both the catalogs.


Similarly, create two groups – Employee Group and Manager Group


Create a sample App for each of the roles. Navigate to Apps menu and create a simple URL based App as shown below.


Notice that this App is assigned to the “Employee Catalog” and “Employee Group” which were created earlier.


Similarly, create another App called “Manager App” and assign it to Catalog “Manager Catalog” and group “Manager Group”.


Create HCP Roles and Assign to users

Now, we need two roles to be defined for Employee and Manager and these roles needs to be assigned to the respective catalogs and Groups. Navigate to the “Configure SAP HANA Cloud Portal” section in the HCP cockpit


Add two new roles – Employee and Manager and assign them to the respective users as shown below


I have created two test users – One for Employee and the other for Manager in SCI. Notice that I have assigned SCI User P000030 with the HCP employee role


Assign these HCP roles to the respective catalogs and groups as shown below


Make sure you assign the Manager role to the Manager Group.


With this we are done with the role assignments and we can test this. Publish the site from Site settings. Clear the browser cache and try to login with the User ID created to test Employee role. You will be challenged with a SCI login screen. Provide the user ID credentials for the Employee user.


You will be presented with the Tiles relevant for employee roles. Notice the corresponding SCI User ID – P000030 (which represents the employee user)


Logoff and login again using the user assigned to manage role.


In the next blog, we will see how to use SCI to map these user roles.

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply