Part 2: Assign roles to Role Collection
In Cloud Foundry we use the Role Collection which contains all the list of role templates. In the security section navigate to “Role Collections” to view the list of role collections. Each role collection can hold multiple roles. The user is then assigned the appropriate role collection. Example, we can create two role collections one for basic read user access and one for read/ write access and accordingly assign the role collection to your user.
- To assign the roles navigate the SCP Cockpit to “Role Collections” tab and create a new role collection.
- Select “Add Role” and add the roles:
Part 3: Assign the Role Collection to user
Here we assign the role collection to an identity provider. In this case we have “SAP ID Service”. Each corporate organization can have its own identity provider configured by the basis. More details about identity provider setup can be found here [link].
One advantage of Cloud Foundry over Neo environment that I find useful is we dont need to create a HANA dB user and make use of the AppToAppSSO to secure our applications, although there are many advantages of CF over Neo. In Cloud Foundry we use the JWT token that authenticates the user. To know more about the JSON Web Token follow the [link].
- On the SCP Cockpit navigate to “Trust Configuration” and select your identity provider:
- Specify your email Id and select “Assign Role Collection”:
More references can be found at:
In next part we look at how to Implement NodeJS and XSJS APIs for reading the roles assigned to a user.