Assigning Role Collections

After completing this lesson, you will be able to:

After completing this lesson, you will be able to:

  • Assign role collections

Assign Role Collections: Exercise Overview


You will add a role collection to access your deployed application through the SAP BTP cockpit with an authenticated and authorized user.

As the name implies, role collections "group together authorizations for resources and services. Role collections consist of individual roles. Role collections are account-specific. Role collections that exist in the global account don’t exist in the subaccounts. Likewise, role collections in subaccounts aren’t available in the global account."1.

The way this application is designed, the deployed service can only be accessed when a user has a corresponding role collection assigned. If users tried to open the application without this authorization, they would get a Forbidden message. In this exercise, you will see how to assign the role collection to a user.


You added the UI and approuter to the mta.yaml file.

Watching the Simulation and/or Performing the Steps

In this exercise you find a simulation and a list of all steps, displayed in the simulation. Performing the steps below allows you to follow the simulation in your own trial account.

Assign Role Collections

Task 1: Assign a Role Collection


  1. Assign a role collection.

    1. In your subaccount in the SAP BTP cockpit tab navigate to the Security tab. Choose Users and click on your username.

    2. After clicking on your user, a new view displays at the right side. Click on the Assign Role Collection button.

    3. From the list, choose RiskManager-DEV. Click on the Assign Role Collection button.

      Now you are ready to access the application!

    4. In the left pane of your subaccount, navigate to the Cloud Foundry tab and choose Spaces.

    5. Select your space.

    6. Verify that the risk-management application has been deployed and that the risk-management-approuter is running.

    7. Choose the row risk-management-approuter.

    8. Choose the link under Application Routes.

    9. Verify that the deployed application is running and showing its home screen.

    10. Press the Risks tile and then in the application the Go button.

      You should see the final deployed application with the data:

      In some cases, your browser might still have cached the authorization information from the previous app call. When you still receive the Forbidden message, try to either delete your browser cache and cookies or to close and reopen your browser.


You have assigned a role collection to access the application through the SAP BTP Cockpit.

Reference Links: Assigning Role Collections

For your convenience this section contains the external references in this lesson.

If links are used multiple times within the text, only the first location is mentioned in the reference table.

Reference Links: Role Collections

Ref#SectionContext text fragmentBrief descriptionLink
1Assign Role CollectionsAs the name implies, role collectionsRole collections

Save progress to your learning plan by logging in or creating an account