Production environments rely on a production-grade security provider
(commonly an LDAP directory) to authenticate administrators. To map the
SAP Mobile Platform default logical roles to the corresponding physical
roles in the security provider, you must understand how the provider organizes users.
Prerequisites
SAP Mobile Platform
cannot query all supported enterprise security servers directly; for successful
authentication, you must know the physical roles that your back-end systems
require.
Task
You can map a logical role to one or more physical roles. You can also map multiple
logical roles to the same physical role. If a role does not exist, you can add or
delete names as needed.
Consider which users need to be in the Administrator, Developer, Helpdesk, Impersonator,
and Notification User roles, then identify or create groups in your provider that
correspond to these roles.
- Evaluate existing groups.
If there are existing groups that seem to already contain the right
subjects that correspond to Administrator, Developer, Helpdesk, Impersonator, and
Notification User, you can use those groups. The names need not be exact, as you can
map them manually to address any differences.
- If required, have your LDAP administrator:
  - Create new LDAP groups that will correspond to and be mapped to
    SAP Mobile Platform logical roles.
  - Use LDAP tools to add users to those LDAP groups so that when the LDAP users
    authenticate to SAP Mobile Platform (with the Directory Service (LDAP/AD)
    provider configured) the corresponding physical roles are attributed to them
    and the logical role mapping can grant appropriate access.
- Add subjects to these groups to assign them the corresponding
SAP Mobile Platform permissions.
- Determine what values are needed for the authentication provider properties
in SAP Mobile Platform.
For example, for an LDAP authentication provider you need values for the
providerURL, serverType, bind user, bind password, search base and so on.
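
Before entering a mapping, it helps to check that every logical role points at an LDAP group that exists and has members, and to see which users would receive each logical role. The following is an added example, not SAP Mobile Platform code or a product file format; the group names, user IDs, and the dictionary layout are constructed for illustration (for instance, as parsed from an LDIF export of your directory).

```python
# Added example: constructed data, not an SAP Mobile Platform API or file format.
LOGICAL_ROLES = ["Administrator", "Developer", "Helpdesk",
                 "Impersonator", "Notification User"]

# Constructed mapping: logical role -> physical roles (LDAP group names).
ROLE_MAPPING = {
    "Administrator": ["smp-admins"],
    "Developer": ["smp-devs", "mobile-eng"],    # one logical role, two groups
    "Helpdesk": ["it-support"],
    "Impersonator": ["smp-admins"],             # two logical roles, same group
    "Notification User": ["smp-notifiers"],     # name does not match the directory
}

# Constructed directory snapshot: LDAP group -> member user IDs.
LDAP_GROUPS = {
    "smp-admins": {"alice"},
    "smp-devs": {"bob", "carol"},
    "mobile-eng": {"carol", "dave"},
    "it-support": {"erin"},
    "smp-notify": set(),
}

def audit_mapping(mapping, groups, logical_roles=LOGICAL_ROLES):
    """Return (logical role, problem) pairs for a role mapping."""
    findings = []
    for role in logical_roles:
        physical = mapping.get(role, [])
        if not physical:
            findings.append((role, "no physical role mapped"))
        for group in physical:
            if group not in groups:
                findings.append((role, f"physical role '{group}' not found in directory"))
            elif not groups[group]:
                findings.append((role, f"physical role '{group}' has no members"))
    return findings

def effective_roles(mapping, groups):
    """Resolve each user's logical roles from LDAP group membership."""
    result = {}
    for role, physical in mapping.items():
        for group in physical:
            for uid in groups.get(group, ()):
                result.setdefault(uid, set()).add(role)
    return result

if __name__ == "__main__":
    for role, problem in audit_mapping(ROLE_MAPPING, LDAP_GROUPS):
        print(f"{role}: {problem}")
    for uid, roles in sorted(effective_roles(ROLE_MAPPING, LDAP_GROUPS).items()):
        print(uid, sorted(roles))
```

Reviewing the `effective_roles` output also shows where one group grants several logical roles at once, such as the constructed `smp-admins` group granting both Administrator and Impersonator.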