<p>about your learning experience to help us improve.</p>

You've completed

cleanFiles/bookmap_Configuring_SAP_CIAM_for_B2B_en-US_learning-sap-com_lsc-prod.zip (MMCP-DROPZONE) - 2024-12-05T11:57:17.000Z

Building Your Access Policy

<div id="content"><dl><dt><strong>Introduction to the Authorization Model</strong></dt><dd>Before you can build an authorization model, it’s critical to understand its foundation. Policies in SAP Customer Data Cloud for B2B allow you to manage and delineate who can access specific assets and what actions they can perform. Let’s dive into how you can establish a robust authorization model.</dd><dt><strong>Elements of Policy-Based Access Control</strong></dt><dd>​A Policy is driven by four main elements: <ul style="list-style-type:disc"><li tabindex="0">Assets/Asset Types, Actions, and Applications</li><li tabindex="0">Organization Availability</li><li tabindex="0">Automated Assignments</li><li tabindex="0">Conditions</li></ul></dd><dt><strong>Understanding Your Authorization Model</strong></dt><dd>To define your authorization model, ask yourself these questions:<ul style="list-style-type:disc"><li tabindex="0">Which applications will use SAP Customer Data Cloud B2B for authentication and authorization?<p tabindex="0">Typically, each application is created in SAP Customer Data Cloud B2B</p></li><li tabindex="0">What information does each application need to make an authorization decision? <p tabindex="0">For example, groups like ‘b2badmingroup’, ‘b2bcustomergroup’, or ‘b2bmanagergroup’ need to be defined as assets for integration with SAP Commerce Cloud</p></li><li tabindex="0">How will you control organization members’ access? <p tabindex="0">Use <strong>Automated Assignments</strong> to provide specific access to members of organizations</p></li><li tabindex="0">Are some assets available only under specific conditions such as date &amp; time, IP address, etc.?<p tabindex="0">Use <strong>Conditions</strong> and <strong>Asset Type Rulesets</strong> to restrict access under those specific scenarios</p></li></ul></dd></dl></div>

Create an Access Policy by Defining Policies and Specifying Related Assets

<div id="content"><p tabindex="0">​In the following video, we'll guide you through the process of creating a tailored access policy. Specifically, we'll be demonstrating how to create an authorization model by defining policies and specifying the assets they relate to. By the end of this video, you'll have a clear understanding of how to implement fine-grained access control for your organization, enhancing security and compliance.</p><div class="kalturaVideoLessonWrapper"><div aria-label="" class="kalturaVideoLessonContainer" data-testid="video" id="1_abka8p5w"></div></div></div>

Creating an Access Policy

From Onboarding to Governance: Mastering SAP Customer Data Cloud for B2B

<div><div>Learn how to create an authorization model in SAP Customer Data Cloud by defining policies and associating them with assets. Ensure secure access control within your organization. Watch now!<br><br># This description was auto-generated #</div></div>

U5L2 Creating an Access Policy.mp4

In this video, we’ll walk through the steps to create an authorization model by defining policies and associating them with the relevant assets in SAP Customer Data Cloud. Before creating the new policy, we assume building blocks have already been created and are ready for use by the new policy, namely: Applications, Asset Types and Assets.  Begin by navigating to the Policies tab from the Organization Management dashboard. Click the Policies button to get started. Next, click the New Policy button to create a fresh policy for your authorization model. On the Details tab, enter the Name “Learning Center Doc Access Policy”, and the Description “Access Policy for Accessing the Learning Center Documents”. As the Policy ID will no longer be editable once the policy is created, for Generate Policy ID, you can choose to either specify a Custom ID or have the system generate the ID for you. Let’s choose Auto Generated ID.  A policy can either allow or restrict access.  In our case, we’ll keep the default selection, Allow.  Next you can choose one or more Applications to associate with the new policy. In this video, we’ll choose the Learning Center Application.  Click Continue to move on to the Assets Selection tab. On this step, you will decide what assets will be governed by this policy.  First, you need to select the asset type. Once you have picked one, you can select the Actions and then select the assets that meet the criteria of a Ruleset, explicitly select individual assets, or both. In this video, we’ll click on the Select Assets button and choose the Assets on the popup on the right side. When we return to the Assets Selection screen, we see the selected assets and the Applications associated with that asset type. You can click on an application to view the details and copy its ClientID string, which is needed to make B2B Authorization API calls. Click on Continue to move to the Availability step. Define which Organizations  can assign the Policy to their members in the Delegated Admin console. In this video, we’ll choose All Organizations and click Continue to move to Automated Assignments, the last step of the policy creation process.  Here we can configure how the policy is assigned to members.  We can configure Automatic Rules to dynamically assign the policy based on Organization or Member Attributes, which ensures the policy is consistently applied without manual intervention. Or we can toggle this setting to ‘No’ and leave it up to the Delegated Admin to manually assign the policy directly to members. While you can, in your projects, set up rules to automate the policy assignment, we won’t be doing this here, and instead choose No and click Done to finalize the policy. Congratulations! You have successfully created an authorization model by defining policies and specifying the assets they relate to. This ensures secure and compliant access control within your organization. Thanks for watching!