
Portal: security framework

mehmet_koc3
Explorer
0 Kudos

Hi experts,

I need your help with a datasource change. I have read several forums and threads, but it's still not clear to me. I have no real experience with portal security.

We are implementing SAP ECC 6.0 and NW Portal. I'm doing the authorisations in SAP ECC only.

Now, the portal team asks me the following: initially the portal was planned to use the ABAP UME datasource; now, for governance reasons, they have decided to use LDAP as the UME datasource.

I read in forums and I know that a change from the ABAP UME datasource to an LDAP datasource is not recommended by SAP. So, they are doing an initial implementation instead.

Their question to me is: can you let us know what would be your security approach for the users, roles and authorizations management in the portal?

Your input would be very much appreciated.

Thank you very much

Cheers

1 ACCEPTED SOLUTION

Former Member
0 Kudos

> Their question to me is: can you let us know what would be your security approach for the users, roles and authorizations management in the portal?

Your portal iViews will be controlled through UME roles. You would need to create an LDAP group for each portal application (it can be viewed as a group in UME) and map it to the UME role (created for the portal iViews) in the User Management Engine (UME). Through the portal you can also define the backend system to control the authorizations for the portal access.

You may want to see the document at the attached link to understand portal security integrated with LDAP and its benefits.

http://www.pfitz1000.com/Samples/SecuritySolution_in_Detail.pdf

Thanks.

Anjan

0 Kudos

Hi Anjan,

Thanks very much for the documentation.

I checked with the Portal team, and apparently the end user will log on only once on his Windows workstation, then SSO will be used to authenticate him with different enterprise applications (Portal and SAP and Other).

What I'm missing is the following: what are the different steps that we need to foresee:

- if the UME datasource is LDAP, then does it mean that all users will need to be created in LDAP and synchronized with SAP clients and Portal? What will be the source and target?

- How do you manage the passwords, because I understood that LDAP doesn't contain passwords?

- As before, do we create authorisation roles in the portal and in SAP, and synchronize them?

Thanks a lot for any help

Cheers

0 Kudos

> - if the UME datasource is LDAP, then does it mean that all users will need to be created in LDAP and synchronized with SAP clients and Portal? What will be the source and target?

All users should be present in the LDAP, as user authentication for system login will be done through LDAP (if you are planning to have SSO implemented for portal users). Your source system is defined when the iViews are created in the portal.

A user requesting access to a portal application will be assigned to a portal Active Directory group, which in turn will be linked to the UME role (providing access to the iViews). Backend authorization will be controlled through the roles created in SAP.

> - How do you manage the passwords, because I understood that LDAP doesn't contain passwords?

Passwords for users can be managed through LDAP. However, that password will be the user's system login credentials. If SSO is implemented through the portal, then you won't need a password for accessing portal applications. The only thing that needs to be ensured is that the SAP ID is the same as the user ID with which the user has logged in to the system.

> - As before, do we create authorisation roles in the portal and in SAP, and synchronize them?

Yes. Already explained in point 1.

Thanks.

Anjan
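
The answers above describe three layers that must agree: LDAP group membership, the group-to-UME-role mapping, and a backend SAP user with the same ID holding the SAP roles. The following reconciliation check is an added example, not part of the original thread and not SAP code; the group names, role names, user IDs and the dictionary layout of the exports are constructed, and matching IDs case-insensitively is an assumption.

```python
"""Reconcile LDAP portal groups against UME role mappings and backend SAP users."""

ABAP_MAX_USER_LEN = 12  # ABAP user names are at most 12 characters, upper case

# Constructed sample data (not from any real directory or SAP system).
LDAP_GROUPS = {                      # LDAP group -> member logon IDs
    "PORTAL_HR": ["jsmith", "mkoc"],
    "PORTAL_FINANCE": ["alongusername01"],
    "PORTAL_PURCHASING": ["tlee", "bnguyen"],
}
GROUP_TO_UME_ROLE = {                # LDAP group -> UME role holding the iViews
    "PORTAL_HR": "ume.role.hr_iviews",
    "PORTAL_FINANCE": "ume.role.finance_iviews",
}
SAP_USERS = {                        # backend user ID -> SAP roles assigned
    "JSMITH": ["Z_HR_DISPLAY"],
    "MKOC": [],
    "TLEE": ["Z_MM_BUYER"],
}


def reconcile(ldap_groups, group_to_role, sap_users):
    """Return a sorted list of (subject, finding) gaps across the three layers."""
    findings = []
    for group, members in ldap_groups.items():
        if group not in group_to_role:
            # Members authenticate via SSO but the portal shows them no iViews.
            findings.append((group, "LDAP group has no UME role mapping"))
        for logon_id in members:
            sap_id = logon_id.upper()  # assumption: IDs compared case-insensitively
            if len(sap_id) > ABAP_MAX_USER_LEN:
                findings.append((logon_id, "logon ID too long to be an SAP user ID"))
            elif sap_id not in sap_users:
                findings.append((logon_id, "no backend SAP user with the same ID"))
            elif not sap_users[sap_id]:
                findings.append((logon_id, "backend SAP user has no roles assigned"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in reconcile(LDAP_GROUPS, GROUP_TO_UME_ROLE, SAP_USERS):
        print(f"{subject}: {finding}")
```

Running a check like this before go-live, and again after each batch of group changes, surfaces users who would pass SSO at the portal but fail or see nothing in the backend.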

0 Kudos

Hi Anjan,

Thank you very much for your precious help. This was more than welcome, you have been very helpful.

Take care

Cheers