Creating User Roles

Objectives

After completing this lesson, you will be able to:

  • Create user roles

Create User Roles

Business Scenario

Your company is planning to develop a set of cloud-based applications based on the SAP Cloud Application Programming Model (CAP), and these applications will be deployed to the SAP Business Technology Platform (SAP BTP) as extension applications for the SAP Core back end systems.

In this exercise, you will perform the following task: Create user roles to protect your service entities.

Now, you can create roles to define different authorizations for your application. For example, you might want to ensure that some people can view data but are not able to edit them.

Note

Note that some of the services that this learning journey links to, can incur costs.

If you are concerned about charges, you can opt to skip the corresponding exercises and watch the simulation instead.

Exercise Options

You can perform this exercise in two ways:

  1. Live Environment: by using the instructions provided below, you can perform the steps in your SAP BTP account.
  2. Platform Simulation: follow the step-by-step instructions within the simulation.
Note
We strongly recommend performing the steps in the live environment first.

The following simulation reproduces the full exercise execution:

Task 1: Create and Configure User Roles

Steps

  1. Add a new role.

    Use the following data:

    FieldValue
    Role name(for example) RiskViewer
    Description(an entry of your choice)
    Privilege DefaultsRead

    1. If not there, go back to the Storyboard tab of the application.

      There are two ways to open the Authorization editor:

    2. Choose the Open Editor dropdown menu in the upper left part of the storyboard and select User Roles.

    3. Select the little man icon next to RiskManagementService in the Services tile.

      In both cases, the Authorization Editor opens.

    4. In the Authorization Editor, find the User Roles section on the left side.

    5. Choose the + icon to add a new role.

    6. Enter the role name, for example, RiskViewer.

    7. Choose Read as Privilege Defaults.

    8. Choose Save.

  2. Add the Service Entities for Risks and Mitigation as Read.

    1. Choose your newly created role.

    2. Select your created service in the Service Assignments field.

    3. Choose Add Service Entities.

    4. In the pop-up, switch on the assign toggle button for risks and mitigation.

    5. Check if the slider for privileges is selected as Read.

    6. Choose Save.

  3. Add a new role.

    Use the following data:

    FieldValue
    Role namefor example, RiskManager
    Description(an entry of your choice)
    Privilege DefaultsFull

    1. In the Authorization Editor find the User Roles section.

    2. Choose the + icon to add a new role.

    3. Enter a role name, for example, RiskManager.

    4. Enter a description of your choice.

    5. Choose Full as Privilege Defaults.

    6. Choose Save.

  4. Add the Service Entities for Risks and Mitigation as Full.

    1. Choose your created role, and select your created service in the Service Assignments field.

    2. Choose Add Service Entities.

    3. In the pop-up, switch on the assign toggle button for risks and mitigation.

    4. Check if the slider for privileges is selected as full.

    5. Choose Save.

Log in to track your progress & complete quizzes