
Security Zone and Safety Level

Security Zone

The security zone provides a way during the development phase to abstract the security level that a portal component or a portal service will require at runtime.

Technically, the zone is a string defined in the portal application descriptor. From a PRT perspective there is no restriction: any string may represent a security zone. From an administration perspective, however, it is necessary to normalize the way portal components use this concept.

The portal application developer does not need any knowledge of the name of the roles or the name of the users that will be present in the portal environment in which the portal application will be installed.

The zone defines a logical catalog containing a set of portal objects.

The administrator of the portal environment has to associate the principals of the system with the zones by creating ACLs that define the permissions needed to access a specific zone.

Example

| Security Zone | Description |
| --- | --- |
| com.sap.portal.runtime | Zone containing all PRT system components such as ErrorComponent, ConfigComponent |

Safety Level

Within a zone, you can define different safety levels. Each of these safety levels can then be assigned to different permissions by the administrators of the system. This mechanism helps portal administrators to organize and classify objects belonging to a zone.

The PRT does not make any assumptions about the value representing a safety level; it can be any string. The portal runtime recommendation is to use the following values:

| Safety Level | Description |
| --- | --- |
| HIGH_SAFETY | Administrator rights are required to access the zone. The user has to be a member of the system_admin role, for example |
| MEDIUM_SAFETY | User has to have certain roles in the system to enter the zone, such as content_admin for portal applications |
| LOW_SAFETY | User needs to be authenticated to enter the zone |
| NO_SAFETY | Anonymous access is allowed |
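Because the PRT accepts any string as a zone or safety level, a misspelled or missing value is not rejected by the runtime and is worth catching in review. The following audit sketch is an added example, not SAP code: it assumes the descriptor declares the zone as a `SecurityZone` property of the form `zone/safety_level` inside `component-config` (the page does not show the descriptor syntax), and the sample descriptor and component names are constructed.

```python
import xml.etree.ElementTree as ET

# Safety levels recommended on this page, most to least restrictive.
RECOMMENDED = ("HIGH_SAFETY", "MEDIUM_SAFETY", "LOW_SAFETY", "NO_SAFETY")

# Constructed sample descriptor. Element and property names are assumptions
# about the portal application descriptor layout, not taken from this page.
SAMPLE = """<application><components>
  <component name="AdminConsole"><component-config>
    <property name="SecurityZone" value="com.example.demo/high_safety"/>
  </component-config></component>
  <component name="PublicBanner"><component-config>
    <property name="SecurityZone" value="com.example.demo/no_safety"/>
  </component-config></component>
  <component name="Typo"><component-config>
    <property name="SecurityZone" value="com.example.demo/hi_safety"/>
  </component-config></component>
  <component name="Legacy"><component-config/></component>
</components></application>"""

def audit(descriptor_xml):
    """Return {component name: (zone, safety level, finding)}."""
    report = {}
    for comp in ET.fromstring(descriptor_xml).iter("component"):
        value = None
        for prop in comp.iter("property"):
            if prop.get("name") == "SecurityZone":
                value = (prop.get("value") or "").strip()
        if not value:
            # No zone means no ACL can be tied to this component by zone.
            report[comp.get("name")] = (None, None, "no security zone declared")
            continue
        zone, _, level = value.partition("/")
        level = level.upper()
        if level not in RECOMMENDED:
            finding = "safety level is not a recommended value"
        elif level == "NO_SAFETY":
            finding = "anonymous access allowed; confirm this is intended"
        else:
            finding = "ok"
        report[comp.get("name")] = (zone, level or None, finding)
    return report

if __name__ == "__main__":
    for name, row in audit(SAMPLE).items():
        print(name, *row)
```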
