Skip to Content
avatar image
Former Member

use the roles from bw system in the portal

hi

now we are maintain the users in the portal from the Active Dictionary.

i want to asign the roles of the bw system in the portal to the users.

when i asked a basis person, he said that we cant do it because we need to change our work to abap generator and stop using the Active Dictionary.

somebody know another way?

tnx

oren

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

6 Answers

  • Feb 02, 2008 at 09:47 PM

    Hi,

    Can I assume you mean "Active Directory" and not "Active Dictionary" ? The Active Directory product is a Microsoft product and often used for authentication of users accessing the Portal. When this is done, the roles and profiles are not involved and they are maintained in the same way as if Active Directory was not used for authentication. With this in mind, I cannot see what you would have to stop using Active Directory to change/assign roles to a user.

    Thanks,

    Tim

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 03, 2008 at 11:41 AM

    Hi

    Have you implemented teh CUA and SSO to login to BW and Portal ? ???

    REgards

    Add comment
    10|10000 characters needed characters exceeded

    • Oren,

      I think I understand better now. Thanks for explaining.

      If you are using the SAP SPNEGO Login Module to allow you to use Active Directory (Kerberos protocol) for authentication to the portal, this Login Module requires you to configure Active Directory as a UME data source, but you want to use the data source of your BW system in order for you to manage your roles from the user roles from the portal ?

      Is the above correct ? If so, I think I have a solution for you which will allow you to have UME configured to use BW user data source, but still use Active Directory for authentication. Please let me know if I understand correctly, then I will give more details and explain how this can be done. If I have missunderstood, then please can you explain which part of my above explanation is wrong.

      Cheers,

      Tim

  • avatar image
    Former Member
    Feb 03, 2008 at 07:25 PM

    i think that you understood me, but I am sorry that i want to be more clearly then before.

    i will tell you what is my problem.

    today we are giving users authorization on each system:

    a) ecc, bw and crm - with the org. management.

    b) portal - by assigning the group to users (that created in the active directory)

    because of this situation, in order to give a user the appropriate authorization, i need to assign him to a position in the bw org. management and to add him to a group in the portal.

    i thought that i can assign the user in the org. management in the bw, and assign the role (of the portal) to a group that the role of bw created.

    tnx again

    oren

    Add comment
    10|10000 characters needed characters exceeded

    • Oren,

      I think there are two options:

      1. You could continue with the current approach and manage roles using Active Directory group membership, and roles for other systems using org. management.

      2. You could implement a login module for the portal so that users can authenticate via Active Directory, but not use group membership for roles. This would be done by using UME with ABAP datasource instead of using Active Directory as a UME datasource.

      It seems to me that the issue is that you are using a different method of authentication with portal and so you have moved the management of roles to AD using group membership - this is not a problem for some companies, and has some advantages, but for you it seems it is not an ideal setup. Maybe it is worth considering alternatives.

      Thanks,

      Tim

  • avatar image
    Former Member
    Feb 03, 2008 at 08:30 PM

    hi tim

    i didn't understand your answer...

    you said that i can't manage the users in AD? if i want to see the BW roles in the portal (as a group).

    i heard today that there is a new tool that can support it, it's called Identity management... do you familiar with that?

    cheers

    oren

    Add comment
    10|10000 characters needed characters exceeded

    • Oren,

      If I understand the options correctly, then you can authenticate using AD and roles can either be managed in AD (as they are now) or you can manage roles in SAP instead if you prefer.

      Is it clearer now ?

      Yes, I know about the SAP IdM product. It was acquired by SAP when they bought a company called MaxWare. From what you have said so far though, I don't think this is what you are looking for.

      Thanks,

      Tim

  • Feb 04, 2008 at 09:24 AM

    >

    > i want to asign the roles of the bw system in the portal to the users.

    Effectively what you are asking to do is move your management of roles/authorisations to ABAP using UME, since you do not want to manage roles using Active Directory group membership for access to BW.

    >

    > when i asked a basis person, he said that we cant do it because we need to change our work to abap generator and stop using the Active Dictionary.

    Yes, I think your basis person was correct. However, you can still use Active Directory for authentication of users to the portal.

    >

    >

    > somebody know another way?

    No, sorry. I think you only have one solution.

    >

    > tnx

    > oren

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 05, 2008 at 05:53 PM

    I got the point and i will check more the option of IDM.

    tnx you all

    Add comment
    10|10000 characters needed characters exceeded

    • >

      > My understanding is that IdM is independent of CUA (though Tim might not have intended any similarity when mentioning "central user management").

      yes, you are correct... I was not relating IdM to SAP CUA, but trying to refer to IdM as a tool typically used for user enrollment, adding users centrally and then expecting the user to be added to each system/application required based on their role (e.g. job function). The scope of IdM often extends across many applications, and the products now available from SAP also have functionality outside of SAP products for registering and managing user identities in various applications and systems. Often IdM products are referred to as roles based user management tools.

      I think we are in agreement that the management of roles/authorisations are often not part of the scope for an enterprise wide IdM solution, and certainly from what I have seen of the product which SAP acquired from MaxWare this is not included, but I may have been mistaken.

      In conclusion - IdM is not the solution to the problem described in this thread.

      Thanks,

      Tim