Just to be clear...you do know that portal "roles" have nothing to do with backend/"ECC" roles (you "can" use them but not typical).
In most cases, you will use whatever is you user store for your portal....for example, Active Directory.....you will "group" users in Active Directory.....for example "US employees" group.....then in the portal, you assign portal roles to your AD group(s) (*not directly to users as this becomes a user management nightmare!).
Now, your portal role simply dictates WHAT groups of iViews, pages, etc the user has access to within the portal. Think of it as simply exposing content....it shows the users all the possible "doors" to the ECC/backend that they "might" access.....but allowing them to be able to then open/enter those doors is where the ECC security roles will pick it up from there. Once the user has the "door" exposed to them from their portal role for their group(s), then the actual user will be passed through (the iView) to the actual backend/ECC application...which is where the backend user's role is then used. Because you set up "trust" between the portal and the backend, it doesn't display a login page but instead simply passes in the user's credentials (user/pass tokenized/cert)...this is how the backend "knows" who the user is in it's own user store (not AD).
Make sense?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.