Building Portal Sites on SAP Cloud Platform Cloud Foundry – Understanding the Role Concepts
|Building Portal Sites on SAP Cloud Platform Cloud Foundry|
Since my last blog post on an introduction to the Portal service on Cloud Foundry, there has been a significant change in how portal site contents are built and organized. We are used to creating a portal site where we maintain all the pages, app contents and site settings within each of the portal site. With the recent change, all the portal contents like apps, catalogs, groups and roles are created at the subaccount level. These objects can be shared across all the portal sites which are within the subaccount. Note that each portal site will continue to have its own pages as well as site settings and menu configurations. This approach makes it easy to reuse app contents across multiple sites.
The Portal contents are referred to as Business Contents. You can find more info on Managing Business Content in SAP Help.
When you login to the Site Directory, you will now see the “Content” menu visible.
For the purpose of demonstration, I have created two apps – News and Sales Order. News app is assigned to catalog & group with the name “General Updates”. The News app is also assigned to the “Everyone” role. On the other hand, Sales Order app is assigned to catalog & group with the name “Sales”. I have created a new role called “Sales” and assigned the Sales Order app to it. In case, you need help on how to create these business contents, you can refer my previous blog post.
Now, I am going to explore site specific settings by navigating to the specific site from the “Site” menu. When I edit the site, I get couple of menu items at the top – Pages, Menu, Setting.
In the settings menu, as an administrator, I can change the site settings. The important change here is that Roles need to be assigned to site in this section. As you can see, I have assigned the Sales role.
The Page menu is the same as before. You can create any number of pages for freestyle sites (which I demonstrate in the previous blog post). For this blog post, I have not made any changes to the default as I am only creating a site based on Fiori Launchpad.
Now let’s move to the interesting part.
“Everyone” role is provided out-of-the-box in each subaccount. Apps assigned to this role are visible to all authenticated users in all the sites of the subaccount. In Cloud Foundry, there is a concept of having a Role collection which is a combination of roles.
You would have created a Role Collection initially and added the “Super_Admin” role to launch the Site Designer. After creating a Role in the site designer, you will see it appear in the Role Collection. As you can see below, there is a new Role Collection called “Sales” in my subaccount.
In order to assign this Role to end user, you can navigate to the “Trust Configuration” and select “SAP ID service” and assign the Role Collection to each user.
When I now login to the Portal site as the business user, I can see the “Sales Order” app as well as the “News” app (assigned to Everyone role).
In the next blog post, I will show how you can setup trust with an Identity Provider like SAP Cloud Platform Identity Authentication service and map user groups so that you don’t have to manually assign Role Collection to each user.