Skip to Content
Technical Articles
Author's profile photo Murali Shanmugham

Building Portal Sites on SAP Cloud Platform Cloud Foundry – Understanding the Role Concepts


Since my last blog post on an introduction to the Portal service on Cloud Foundry, there has been a significant change in how portal site contents are built and organized. We are used to creating a portal site where we maintain all the pages, app contents and site settings within each of the portal site. With the recent change, all the portal contents like apps, catalogs, groups and roles are created at the subaccount level. These objects can be shared across all the portal sites which are within the subaccount. Note that each portal site will continue to have its own pages as well as site settings and menu configurations. This approach makes it easy to reuse app contents across multiple sites.

The Portal contents are referred to as Business Contents. You can find more info on Managing Business Content in SAP Help.

When you login to the Site Directory, you will now see the “Content” menu visible.

For the purpose of demonstration, I have created two apps – News and Sales Order. News app is assigned to catalog & group with the name “General Updates”. The News app is also assigned to the “Everyone” role. On the other hand, Sales Order app is assigned to catalog & group with the name “Sales”. I have created a new role called “Sales” and assigned the Sales Order app to it. In case, you need help on how to create these business contents, you can refer my previous blog post.

Now, I am going to explore site specific settings by navigating to the specific site from the “Site” menu. When I edit the site, I get couple of menu items at the top – Pages, Menu, Setting.

In the settings menu, as an administrator, I can change the site settings. The important change here is that Roles need to be assigned to site in this section. As you can see, I have assigned the Sales role.

The Page menu is the same as before. You can create any number of pages for freestyle sites (which I demonstrate in the previous blog post). For this blog post, I have not made any changes to the default as I am only creating a site based on Fiori Launchpad.

Now let’s move to the interesting part.

Role Concept

“Everyone” role is provided out-of-the-box in each subaccount. Apps assigned to this role are visible to all authenticated users in all the sites of the subaccount. In Cloud Foundry, there is a concept of having a Role collection which is a combination of roles.

You would have created a Role Collection initially and added the “Super_Admin” role to launch the Site Designer.  After creating a Role in the site designer, you will see it appear in the Role Collection.  As you can see below, there is a new Role Collection called “Sales” in my subaccount.

In order to assign this Role to end user, you can navigate to the “Trust Configuration” and select “SAP ID service” and assign the Role Collection to each user.

When I now login to the Portal site as the business user, I can see the “Sales Order” app as well as the “News” app (assigned to Everyone role).

In the next blog post, I will show how you can setup trust with an Identity Provider like SAP Cloud Platform Identity Authentication service and map user groups so that you don’t have to manually assign Role Collection to each user.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Phil Cooley
      Phil Cooley

      Nice blog Murali Shanmugham and cannot wait to get my hands dirty on portal setups in Cloud Foundry. It is fairly different to the way portal sites are created and maintained in Neo so really good that you have provided these resources for the SAP Community. Thanks!

      Author's profile photo Mariajose Martinez
      Mariajose Martinez

      Hi Murali!

      How can I do to export the site? I cannot find the option in this new layout of the Site Directory.

      I want the whole code to make some changes like adding into the html.index a chatbot id channel from Conversational AI.

      Thanks in advance!

      Author's profile photo mahesh zeple
      mahesh zeple

      Hello Mariajose Martinez,


      Did you find any solution for exporting and importing CF Portal Sites ?

      Thanks ,

      Mahesh Z.

      Author's profile photo Luisa Grigorescu
      Luisa Grigorescu

      Hi Murali,


      Thank you for dedicating your time and energy in writing this tutorial. I find it really useful as most websites only offer support for the SCP Portal in the Neo environment. 🙂


      Do you know if there is a way I can assign pages to roles? As far as I can see you can only assign apps to roles. In an old document they are mentioning "Assign Page Access", but I don't think that is valid anymore as the link seems quite old.

      Author's profile photo Parag Garg
      Parag Garg

      Hi Murali Shanmugham ,

      Very nice blog series. I have following queries, if you have any info around them, please share:

      1. How to Assign Page Access based on role i.e. one group of users should see Page1 & 2 while another group of users should see Page 3 & 4.
      2. How to enable public/guest user access for CF portal site with selective pages e.g. Home, About Us, FAQs etc.
      3. CF site do not have login widget. Once guest access is enabled, how to provide sign-in capabilities?

      Iris Sasson: Do you have any info/reference for above listed queries?




      Author's profile photo Jan Loehe
      Jan Loehe

      Hi Murali,


      I am also keen to understand how Role restrictions could be applied to pages and / or navigation similar to what can be done in NEO.

      Or is that not yet possible?

      Following note doesn't refer to this (potential) gap:


      Thanks, Jan

      Author's profile photo mahesh zeple
      mahesh zeple

      Hello Murali,

      How to perform Import and Export of these Sites ? Like it is there in Neo.

      Thanks ,

      Mahesh Z.

      Author's profile photo Ranjithkumar Ayyavu
      Ranjithkumar Ayyavu

      Hello @Murali Shanmugham  ,

      How to assign a role for the Catalog and Groups. is it no more needed?