Entering content frame

Function documentation Role Assignment Locate the document in its SAP Library structure

Use

The portal generates an individual user interface for each user according to the roles assigned to him or her. What the user sees in the navigation and in the portal pages all comes from his or her roles. Therefore it is very important to assign users and groups to roles that reflect their function in the company.

Caution

You should not assign roles that are in the SAP namespace, for example, roles that begin with com.sap.portals. You should only assign users to delta links of roles that are in the SAP namespace. This prevents your changes being overwritten when you upgrade your portal. For more information, see Content Object Model.

Integration

Role assignment is part of the User Administration role.

Features

In the role assignment function, you can assign users and groups to roles, or inversely, assign roles to users and groups. You can search for users, groups or roles.

Users and groups assigned to a role inherit the permissions of the role. By default this is end user permission. If you wish to change the permissions of the role, see Setting Permissions.

Permissions Required for the Role Assignment Function

Roles

Administrators assigned to the Super Administration or User Administration roles can assign all portal roles to users and groups. This is because these roles contain the UME.Manage_All action which implicitly provides role assigner permissions for all portal roles.

Delegated user administrators can only assign a role if they have Role Assignerpermission for that role object. They do not need to have any administrator or end user permissions on the role object. For more information on portal permissions, see Structure linkPermission Levels.

Users and Groups

Normally, administrators can assign roles to all portal users and groups.

If, however, you have set up delegated user administration in your portal, the following applies:

·        Overall user administrators can assign roles to all users and groups.

·        Delegated user administrators can only assign roles to users in their own company. They cannot assign roles to groups.

Properties of the Role Assignment Function

You can customize the role assignment function by changing the properties of the role assignment iView. The following table provides a list of the properties.

Property

Value

Description

Max Hits

Default value is 200.

If you set the value to 0, all hits are displayed.

Defines how many hits are displayed when you search for a user, group, or role.

excludePcdRoles

Default value is com.sap.portal..

All roles whose ID begins with the value of this property are not displayed in the role assignment function.

The default value of com.sap.portal. ensures that all roles in the SAP namespace are not displayed, as these roles should not be assigned to users.

user.searchAttributes

Comma-separated list.

Default value is uniquename.

Defines which attributes are used to search for users.

group.searchAttributes

Comma-separated list.

Default value is uniquename,description.

Defines which attributes are used to search for groups.

role.searchAttributes

Comma-separated list.

Default value is uniquename.

Defines which attributes are used to search for roles.

Activities

Starting the Role Assignment Function

You start role assignment, by choosing User Administration ® Roles in the portal.

Changing the Properties of the Role Assignment Function

To change any of the properties listed above, proceed as follows:

       1.      In the portal, choose Content Administration ® Portal Content.

       2.      In the Portal Content Catalog, find the User Administration role that you use in your company. For example, this could be:

¡        Portal Content ® Portal Administrators ® User Administrators ® User Admin

¡        Portal Content ® Portal Administrators ® Super Administration ® Super Administrator

       3.      Click on the user administration role with the secondary mouse button and choose Open ® Object.

       4.      In the editor, navigate to the role assignment page.

In the delivered roles, it is at User Administration ® Roles ® Roles.

       5.      Open the page for editing by selecting the page and choosing Edit.

The page editor appears.

       6.      Select the Roles iView in the list and choose Properties.

The property editor for the Roles iView appears.

       7.      In Property Category, choose Show All.

       8.      Change the properties as required.

       9.      Save your changes.

For more information about using the Property Editor, see Editing iView Properties.

Leaving content frame