Skip to Content
avatar image
Former Member

Federation, remote role assignment based on ABAP roles on producer

Hi all,

We have implemented the federated portal solution for our ESS users. We use the ABAP stack of the producer portal as user store for consumer and have no problems in assigning portal roles on our consumer based on ABAP roles in the backend (displayed as groups in the portal).

Now we want to add some extra functionality (eg SRM and eRec) and we encounter some problems. These systems all have their own ABAP stack as user store. We have maintained the functional authorization model in the ABAP roles for instance in SRM. So an example:

System I: ABAP + JAVA --> ECC 6.0

Here we have the standard R/3 functionality and the producer portal (A) installed. Roles created on producer portal and assigned based on ABAP roles.

System II: JAVA --> NW 7.0 Portal

Our consumer portal (B) where we use roles created on the producer portal (A) on System I.

System III: ABAP + JAVA --> SRM

Our SRM system with SRM producer portal (C). In the ABAP stack of this sytem the functional SRM roles have been assigned to the users. We have created functional SRM Portal roles in order to use remote role assignment on consumer portal (B).

+PROBLEM+

We want to remotely assign portal roles created on the SRM Producer (C) to users on the consumer portal (B), based on the ABAP role assignment in the backend of system III. How can we achieve this in a fast and efficient way?

Looking forward to your ideas. Anything helpfull will be gladly awarded with SDN points.

Best regards,

Jan Laros

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Sep 15, 2008 at 07:58 AM

    Anyone any ideas?

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 15, 2008 at 12:55 PM

    Hello Jan,

    I have never worked on FPN but yaa we can achive ur desire by

    1) assigning proper permission as given in link below.

    [proper Permission|http://help.sap.com/saphelp_nw70/helpdata/EN/43/2236fc0b413fe1e10000000a11466f/frameset.htm]

    2) And then Assigning Users to Remote Roles.

    [Assigning Users to Remote Roles.|http://help.sap.com/saphelp_nw70/helpdata/EN/43/223e960b413fe1e10000000a11466f/frameset.htm]

    hope this help's

    regards.

    Soni Vinit

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Jan,

      I got what you are saying. I looked through our portals and its evident that the group search limits to the Build-in groups and UME (in our consumer case its Active Directory) but not to the producer groups.

      I don't know the answer to your question and I am keen in knowing how you'll get by this design problem.

      Earlier, when I explained my architecture to you, I am trying to tell something along the same lines (I didn't do a good job 😔).

      To provision a user, earlier, we used to:

      1) Add ABAP role

      2) Add Producer Portal Role

      3) Add Remote role on Consumer.

      Now we use the ABAP role in (1) as Java groups and decreased it to two steps:

      1) Add Producer Portal Role (ABAP Role/Group is added to this role)

      2) Add Remote role on Consumer.

      If you are able to find a better solution, the above process reduces to just one step.

      Regards,

      Kiran