Role Assignment in Portal
8/10/2019 Role Assignment in Portal
http://slidepdf.com/reader/full/role-assignment-in-portal 1/19
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2010 SAP AG 1
Portal Security: Security Zones, Permissions and UME Actions.
Applies to:
SAP NetWeaver Portal (NW2004s). For more information, visit the Portal and Collaboration homepage.
Summary
Troubleshooting access issues in NetWeaver Portal is quite different from ABAP and a bit complicated. Because NW Portal has no functionality like ST01/SU53 (ABAP), it is very important for any security consultant to have this knowledge. This document begins with a simple example of how to create a portal role and assign it to a user, and it ends by making the portal role functional through basic troubleshooting techniques.
Author: Akshay Agarwal
Company: IBM India Pvt Ltd.
Created on: 16 April 2010
Author Bio
Akshay Agarwal works at IBM and has more than 3.5 years of experience in SAP Security, mostly on MDM, NW Portal, XI, GRC, and Vendavo.
Table of Contents
Role Creation and User Assignment
Security Zones
Permissions
UME Actions
Related Content
Disclaimer and Liability Notice
Role Creation and User Assignment
Let us start with an example of Portal role creation and its user assignment.
Check out the folder named “Contents Provided by SAP”. It has all the portal content that is delivered by SAP, e.g. SAP-delivered portal roles, iViews, etc.
Create a portal role (e.g. PORTAL TEST).
Add pre-existing content (role/iView/workset/folder) to the new role as shown in the screen shot below:
Now you can customize the role as per the requirement
pcd:portal_content/….. com.test.PORTAL_TEST
In this example we have deleted all the worksets except the one shown below:
We are now assigning this role to the user ID: PORTAL_TEST
Now try logging in with the Test Id PORTAL_TEST and check out the run time error as shown below:
Security Zones
As per help.sap.com, security zones enable a system administrator to control which portal components and portal services a portal user can launch. Once a portal application has been deployed in a portal, an administrator with access to the central Permission Editor must assign authorized users, groups, or roles to the security zone to which the portal component or service belongs. Security zones are displayed in the Portal Catalog in a hierarchical structure.
Check out the above run time error in NetWeaver Administrator > Monitoring > Logs and Traces as shown in the screen shots below:
The error tells us that the new role is not defined in the Netweaver.Portal/medium_safety security zone.
Now we will trace out the above-mentioned path. Log in with a system admin user ID (having full access to System Administration).
Go to System Administration > Permissions > Browse > Security Zones > sap.com > Netweaver.Portal > medium_safety
Below is the folder under medium_safety for which permissions were denied, as our new role was not defined for this security zone.
Now we need to add our new role to this security zone. Double-click on the above folder to open the Permission Editor window as shown below:
As shown above, search for the role “Portal_TEST”, select it and click on “Add”. By doing this we are assigning the required security zone to this newly created role.
Now log in again with the test ID Portal_TEST. You can see that the run time error no longer occurs.
Now check out the difference between the above screen (user ID: PORTAL_TEST) and the below screen (user ID: Admin). You can see that the “Portal Content” folder is missing in the above screen.
Permissions
We need to assign permissions to get access to the “Portal Content” folder. Log in with the Admin user ID and go to
System Administration > Permissions > Browse > Portal Content
Assign the new role to the above path. As shown below, read permissions have been assigned to the role:
Now try logging in again with the test ID. You can see the folder is visible now, with only read permissions. You can open the object but cannot edit it.
Log in again with the admin ID and change the permission from “Read” to “Full Control” as shown in the screen shot below:
Check out the difference now. The test ID has all the options available, as shown in the screen shot below:
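The walkthrough so far passes through three separate checks: role assignment, the security zone entry, and the Portal Content permission level. The following added example (not part of the original document and not SAP code) replays those states in a simplified model and reports which layer blocks the user at each step. The `PortalModel` class and its function names are hypothetical; the paths and the PORTAL_TEST ID come from the text above, and inheritance and UME actions are not modelled.

```python
from dataclasses import dataclass, field

# Browse paths as they appear in the walkthrough's Permission Editor steps.
ZONE = "Security Zones > sap.com > Netweaver.Portal > medium_safety"
CONTENT = "Portal Content"
LEVELS = {"None": 0, "Read": 1, "Full Control": 2}

@dataclass
class PortalModel:  # hypothetical simplified model, not an SAP API
    user_roles: dict = field(default_factory=dict)  # user -> set of role names
    zone_acl: dict = field(default_factory=dict)    # zone path -> set of role names
    pcd_acl: dict = field(default_factory=dict)     # folder -> {role: level name}

    def diagnose(self, user, zone, folder, want="Read"):
        """Return (layer, finding) for the first layer that blocks the user."""
        roles = self.user_roles.get(user, set())
        if not roles:
            return "role", f"{user} has no portal role assigned"
        if not roles & self.zone_acl.get(zone, set()):
            return "zone", f"add a role of {user} under {zone}"
        acl = self.pcd_acl.get(folder, {})
        best = max(LEVELS[acl.get(r, "None")] for r in roles)
        if best < LEVELS[want]:
            return "permission", f"{folder}: {want} requested, not granted"
        return "ok", f"{user} has {want} on {folder}"

def walkthrough():
    """Replay the article's states; return the blocking layer at each step."""
    user = role = "PORTAL_TEST"  # test ID and role name from the article
    m = PortalModel(user_roles={user: {role}})
    steps = [m.diagnose(user, ZONE, CONTENT)[0]]       # runtime error at logon
    m.zone_acl[ZONE] = {role}                          # role added to the zone
    steps.append(m.diagnose(user, ZONE, CONTENT)[0])   # folder still hidden
    m.pcd_acl[CONTENT] = {role: "Read"}
    steps.append(m.diagnose(user, ZONE, CONTENT)[0])   # folder visible
    steps.append(m.diagnose(user, ZONE, CONTENT, "Full Control")[0])  # no edit
    m.pcd_acl[CONTENT][role] = "Full Control"
    steps.append(m.diagnose(user, ZONE, CONTENT, "Full Control")[0])
    return steps

if __name__ == "__main__":
    print(walkthrough())
```

Checking the layers in this order mirrors the troubleshooting sequence of the article: the security zone first, then the folder permission, and only then the permission level.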
UME Actions
As per help.sap.com, an action is a collection of Java permissions that define which activities a user can perform. If a role with a UME action is assigned to a user, the user gains the authorizations provided by the action. The UME verifies that users have the appropriate UME actions assigned to them before granting them access to UME iViews and functions. Other applications can also define or check for actions.
On the right-hand side of the screen below you can see a group of UME actions pertaining to the User Admin role. You can assign a UME action by clicking on the “Yes”/“No” options as shown below.
Or you can directly assign the UME action to the role as shown in the screen shot below:
Related Content
http://service.sap.com/securityguide
http://service.sap.com/security
http://www.sdn.sap.com/irj/sdn/security
http://help.sap.com
For more information, visit the Business Intelligence homepage.
Disclaimer and Liability Notice
This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not
supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.
SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document,
and anyone using these methods does so at his/her own risk.
SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and
services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this
document.