Hi Naveen,

The MANAGE_LICENSE permission is part of the Manage_all action which is only assigned to the super admin role. Therefore only users who have the super admin role assigned are able to manage licenses.

The administration tools of the portal, such as the Cluster Administration Console and other components in the package com.sap.portal.runtime.system.console, cannot be used by roles which are not super administrator.

Roles defined in the UME parameter: "ume.portal_admin.role" are super

administrators.

Cluster Administration Console, administration tools, super_admin

Because these tools have a great impact on the security of the portal, only the super administrator has the rights to work with them. When launched, these tools check whether or not the user is a super administrator.

These tools can be used if the user has one of the roles defined in the

UME parameter: "ume.portal_admin.role".

The portal comes with a minimal set of permissions assigned to its initial content. These default permissions are designed to provide maximum security for a freshly installed portal.

The default permissions settings are sufficient to enable users assigned to the super administrator role to work and gain access to all initial content. They also enable the remaining standard administration roles (content, system, and user) to access tools specific to these roles, but not to initial content objects. For example, a content administrator has access to the Portal Content Studio, but is not able to gain access to any content objects, such as iViews, pages, and roles—the Portal Catalog in the Portal Content Studio is empty.

This topic describes the default permissions assigned to the initial content of the portal.

The initial permissions are only valid for a fresh and full installation of the portal. When upgrading a portal, the initial permissions script in the portal is not executed. This prevents the permissions in an existing portal from being overwritten.

For guidelines on reconfiguring the strict initial permissions to allow the pre-configured portal roles to access initial content objects relevant to their role, read Configuring Permissions for Initial Content in SAP Enterprise Portal 6.0 (SP9 & Higher)

Permissions for Super Administration Role

The standard super administer role is assigned maximum access to the entire set of portal initial content.

The user store and data source of the User Management Engine used in your organization determines which standard administrator users are members of the standard Administrators user group after the portal is installed. The Super Administrator role is assigned by default to the Administrators group. Therefore, initially all standard administrator users have super administrator permissions in the portal.

Cheers,

Shaym