Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ABAP roles v/s Portal Roles

Former Member

‎07-15-2008 8:48 PM

0 Kudos

Hi All,

Currently I was going through EP security docs where I came across this

"An important difference between ABAP roles and Portal roles is that in the portal,no authorizations are defined for the backend application itself. This must still be

done within the backend applications (for example, mySAP ERP)."

Can somebody plz explain me this..

Would also like to know more difference between ECC and EP security,

Thanks,

Ajit

6 REPLIES 6

Former Member

‎07-15-2008 10:26 PM

0 Kudos

Hi Ajit,

I have been looking into this for some time as well, but am still not sure of some things myself nor which scenarios fit best to which security aspects.

My understanding is that it depends on how the portal is connecting to the backend.

If the portal user is the backend user, then the portal role is just a permission to click on things in the portal. The portal roles are mapped to the backend roles in the ABAP system (so you can, and need to, define what that portal role can infact do when the portal user "clicks" in the backend, using the backend roles of the same backend user context).

If the portal user is not the backend user (i.e. it is a system service for generic access to the backend), then you should restrict the backend access to the bare minimum of that service and control the security in the portal application (the calling application) as the backend user context is not the same.

So it is a "design" answer as well...

There are a few good posts about this if you use the search. If you find a good one, then please link it here so that others who use the search and follow up on their questions can use it as well.

At the top of the forum, there is a sticky thread on FAQs and other usefull discussions. Sadly, portal security does not have any links yet, so if you find a good one then let me know.

Cheers,

Julius

Former Member

‎07-16-2008 1:25 PM

0 Kudos

I think what this is meant to convey is that the portal role really only provides a "front end" access - like that of a menu. For example, if you have a tcode - let's say FB01 - and you have implemented this in the portal. The portal role only gives access to execute the tcode (in the portal it would be an iview), but there is no control for what company codes are accessible in the portal role. This has to be done in the backend ABAP role. Therefore, portal roles needed to be mapped to backend ABAP roles.

Former Member
In response to Former Member

‎07-17-2008 11:12 AM

0 Kudos

Hi,

Role in the portal and role in sap r/3 or BI is something totally different. Role in the portal gives the activities you can perform in the portal. You must see this as the presentation. Role in SAP R/3 gives the activities in the R/3, the organization and the information. You can define groups in the portal and connect these groups with (composite) roles from the back-end. For instance, if you use the portal for BI reports and have structured this reports to processes(FI or SD) and (organizational) functions(presentation) you can develop in the back-end the role for that function with the information, activity and organization and connect this role with the group in BI belonging to the organizational function such as a bookkeeper, a sale representative.

have fun

bye Jan van Roest

Former Member

‎07-18-2008 1:35 AM

0 Kudos

Hi All,

Thankyou for providing all your inputs...

Currently we are in process of getting the ABAP roles

linked to Portal.

We have Composite roles(existing in CUA) which consists of single/derived roles and one EP role (called shell role) in each of Composite role.

Can you provide more inputs/suggestions on such linking?

Regards,

Ajit

Former Member
In response to Former Member

‎07-18-2008 2:15 PM

0 Kudos

I would recommend that you use the same naming convention for the portal roles and ABAP roles - this will help in the mapping. The portal role cannot be exactly the same since it's name includes the location, but at least part of the name will be a recognizable match. Otherwise you will need some kind of cross reference.

Former Member

‎07-25-2008 12:39 PM

0 Kudos

Hi ,

The concept of linking has been quite clear till now...

I came accross some info which stated that

"The portal roles can be created intially (in portal)and then they can transfered into the backend SAP system"

This is reverse approach tht I came across..

Please illustrate how this can be done??

Which approach serves better...??

Thankyou,

Ajit