SAP Mobile Platform does not provide proprietary security systems for
storing and maintaining users and access control rules, but delegates these functions to the
enterprise’s existing security solutions.
A security profile determines the scope of user identity, data access, and
security by performing authentication and authorization checks. A user must be part of
the security repository used by the configured security profiles to access any resources
(either a Management Cockpit administration feature
or a data set from a back-end data source).
SAP Mobile Platform includes three default security profiles: Admin,
Default, and Notification. Administrators can also create new security profiles and
assign authentication providers using Management Cockpit.
Security profiles aggregate various security mechanisms for protecting
SAP Mobile Platform resources under a specific name, which
administrators can then assign. Each security profile consists of:
- Configured security providers: Security provider plug-ins for many common
security solutions, such as LDAP, are included with
SAP Mobile Platform.
- Role mappings that map SAP Mobile Platform logical roles to
back-end physical roles.
A user entry must be stored in the security repository used by the configured
authentication provider to access any resources. When a user attempts to access a
particular resource, SAP Mobile Platform Server tries to authenticate and
authorize the user, by checking the security repository for security access policies on
the requested resource and role memberships.