Note: SAP HANA Cloud Portal was renamed to "SAP HANA Cloud Platform, portal service" in May 2016.
A role is a collection of permissions that defines a function within a portal, and to which users and/or groups are assigned. Roles and authorizations are created for various job functions within organizations. With the new role-based authorization concept provided by SAP HANA Cloud Portal, you can now manage user access and permissions at the site and page levels.
The existing authorization mechanism has been enhanced to support the following role types:
Managing Roles and Groups
Organizational roles (defined in HCP as custom roles) can be created via the HANA Cloud Platform cockpit from the new Application Subscription view. These custom roles are created per application subscription. Custom roles are accessible only within the account where they are created; therefore different accounts subscribed to the same Cloud Portal application could have different custom roles.
To access the roles management page in productive accounts:
In trial accounts the roles are created from the Services view by selecting Manage Roles at the SAP HANA Cloud Portal service line.
In the HANA Cloud Platform cockpit you can also define groups to map individual users authorized by the identity provider (SAP ID service or others). The same groups can be assigned to organizational roles. Ideally, groups will help you get better alignment between technical application level roles and organizational roles. For more information see: Managing Roles and Groups
Once the organizational roles are defined in the cockpit, Cloud Portal administrators can view these roles in Cloud Portal’s administration space under the Authorization tab (Organization Roles) – currently read only.
Site authors can use these roles to set permissions at the site and page levels in alignment with the role-based authorization concept. The Access Management panel has been redesigned to enable role assignment at the site and page levels, as well as to manage end-user access (site guests).
Restricting Access to Sites and Pages using Organizational Roles
Sites / pages can have one of the following access levels:
By default, every page inherits the access definitions from its parent:
Pages can break inheritance to define a stricter access level:
To assign a role to a page, the author should hover over the role tile and click Allow Page Access. From that point, all users and groups assigned to that role can access the page, while unauthorized users will not see the page in the navigation menu. If you decide to restrict page access using the role-based access level, at least one role must be allowed to access the page.
The site aggregates all organizational roles used anywhere in the site. Once a new role is added to a site / role-based page
Finally, when a role is deleted, it is automatically deleted from all sub-pages.
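The inheritance, navigation-filtering and role-deletion rules above can be modelled in a few lines; this is an added illustration, not SAP code or a Cloud Portal API. The class, function and role names are hypothetical, and two behaviours the post does not spell out are assumptions: the nearest explicit role assignment wins, and a role-based page left with no roles after a deletion denies everyone.

```python
# Added illustration, not SAP code: every name below is hypothetical.
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Page:
    name: str
    parent: Optional["Page"] = None
    roles: Optional[Set[str]] = None  # None = inherit from parent
    children: List["Page"] = field(default_factory=list)

    def __post_init__(self):
        if self.parent is not None:
            self.parent.children.append(self)

    def allow(self, *roles: str) -> None:
        """Break inheritance: make the page role-based."""
        if not roles:
            raise ValueError("a role-based page needs at least one role")
        self.roles = set(roles)

    def effective_roles(self) -> Optional[Set[str]]:
        """Nearest explicit role set (assumption); None = no role restriction."""
        node = self
        while node is not None:
            if node.roles is not None:
                return node.roles
            node = node.parent
        return None

    def walk(self):
        yield self
        for child in self.children:
            yield from child.walk()


def navigation(site: Page, user_roles: Set[str]) -> List[str]:
    """Pages shown in the menu: unauthorized pages are left out."""
    return [p.name for p in site.walk()
            if p.effective_roles() is None or p.effective_roles() & user_roles]


def site_roles(site: Page) -> Set[str]:
    """All organizational roles used anywhere in the site."""
    return set().union(*(p.roles or set() for p in site.walk()))


def delete_role(site: Page, role: str) -> List[str]:
    """Remove a role from every page; report role-based pages left empty."""
    for p in site.walk():
        if p.roles is not None:
            p.roles.discard(role)
    return [p.name for p in site.walk() if p.roles is not None and not p.roles]
```

The list returned by `delete_role` is the review queue after a role is removed: those pages are still role-based but no longer have any role allowed, so in this model they fail closed until an author assigns one.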
What's next?
As of today (June 18, 2014) the new roles and authorizations mechanism is available for all trial and productive Cloud Portal users.
We invite you to experience the new functionality and provide us with your feedback (either in this blog or via email).