Mapping Role Collections to User Groups in the Subaccount

Objective

After completing this lesson, you will be able to map role collections for user groups in the subaccount

Map the Role Collections to the User Groups in the Subaccount

When we instantiated the application in SAP BTP, Role Collections were automatically created.

Screenshot of the SAP BTP Cockpit showing the Subaccount: Intelligent Agri - Role Collections page. The interface includes a search bar and lists role collections with names, descriptions, roles, user groups, and actions. Roles include Cloud Connector Administrator, Destination Administrator, intagri_Data_Scientist, intagri_Farm_Manager, intagri_Master_Data_Manager, and others. Each row has options to Copy or delete. The sidebar on the left shows options like Overview, Services, Connectivity, Security, Role Collections, Roles, and more.

Now, we need to map the Role Collections to the User Groups we created in the IdP (IAS).

Steps

  1. From the previous screen, select the role by clicking into each of them to create the mappings. You need to enter the name attribute of the user group in the Name field.

    Screenshot of the SAP BTP Cockpit showing the Subaccount: Intelligent Agri - Role Collections page with a focus on intagri_Farm_Manager. The left panel lists roles: intagri_Data_Scientist, intagri_Farm_Manager (selected), intagri_Master_Data_Manager, intagri_Operations_Planner, and intagri_Operator. The right panel details intagri_Farm_Manager in edit mode. Tabs include Roles, Users, User Groups, Attribute Mappings, and Description. The roles section shows Role Name, Role Template, and Application Identifier. The sidebar menu includes Overview, Services, Connectivity, Security, Role Collections, and more. Save and Cancel options are available.

  2. When it is saved, the screen will show the mapping of the name attribute to the Identity Provider.

    Screenshot of the detail view for the intagri_Farm_Manager role collection in the SAP BTP Cockpit. The top section includes a description for Farm Manager roles and tabs for Roles, Users, User Groups, and Attribute Mappings. The Roles tab displays entries for Role Name (intagri_Farm_Manager), Role Template, and Application Identifier (farming1b120273). The Users section shows no users. The User Groups section is highlighted and lists an Identity Provider URL and the group Name (intagri_Farm_Manager). There are options to Edit, Copy, or Delete in the upper right corner. Attribute Mappings section is below, but no data is shown.

  3. In the role collections main screen, it is possible to see the mapping to the user groups.

    Screenshot of the intagri_Farm_Manager role collection details in the SAP BTP Cockpit. It includes a description for Farm Manager roles with tabs for Roles, Users, User Groups, and Attribute Mappings. The Roles tab shows Role Name (intagri_Farm_Manager), Role Template, and Application Identifier (farming1b120273). The Users section indicates no users. The highlighted User Groups section displays an Identity Provider URL and group Name (intagri_Farm_Manager). Attribute Mappings is below, with no data shown. Edit, Copy, or Delete options are at the top.

    Video Summary

    This educational video showcases the process of mapping role collections from a SAP BTP subaccount to user groups within an EIS IDP. Set within the context of a 'SAP Intelligent Agriculture Instance' on a subaccount, it is noted that role collections are automatically generated during the instance setup.

    Critical to the process is aligning these role collections with the relevant user groups in the IDP. The video demonstrates this by mapping each role collection to each user group, with particular focus on the use of the 'name attribute'. Upon completion, a review confirms the successful implementation of the mapping process, providing viewers with a clear understanding of role mapping in a SAP BTP subaccount.

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn