Question:
Hi
I am new to portal security ,can any bady give answers to my questions
In my company they are planning to install portals on R/3 databse,in this case
1.what is the difference beteen r/3 roles and portal roles?
2.can i use r/3 roles in portal?
3.User should have both account in R/3 and Portals are maintain single account?
4.what is ment by mapping of roles?
5.what exately LDAP server do in security point of view?
Answer:
1.what is the difference beteen r/3 roles and portal roles?
R/3 role - The real access in the system, needed to run tcodes
Portal role - The menu the user sees on the web page. no real access
2.can i use r/3 roles in portal?
Unless there is a significant change from Workplace to Portal, You upload the role from R/3 to Portal
3.User should have both account in R/3 and Portals are maintain single account? Yes
4.what is ment by mapping of roles? If you use a LDAP to control access you may have to map ID to role
Answer:
John
Thanks for reply ,i got an idea how portal works ,I have few more doughts please can you answer for me
1.Creating portal roles what tranction we have to use in portal?
2.what T code we use Upload roles from r/3 to Portal?
3.what tranction we use to map portalId to portalrole?
4.There ia any link between portalId and R/3Id?
Answer:
1.Creating portal roles what tranction we have to use in portal? It should be PFCG.
2.what T code we use Upload roles from r/3 to Portal? It should be PFCG.
3.what tranction we use to map portalId to portalrole? It should be PFCG or SU01.
4.There ia any link between portalId and R/3Id? One-to-one and can be done with CUA ( its reason for existing)
Answer:
Hi,
What John has said is correct assuming you are running the portal on a WEBAS server and integrate the Java stack with the ABAP Stack.
While this may sound like a good idea it does pose problems if you want to integrate other applications into the portal, its purpose, and the user needs to be authenticated for those applications.
In this type of scenario it is easier to use an LDAP. As it is currently impossible to migrate away from the WEBAS ABAP stack integration scenario once implemented, unless you reinstall, you would be well advised to look at how the portal is going to be used before deciding which way to go.
Roles can be built in the portal using the portal content directory. these can then be published to SAP and using W3PR (or WP3R never remember which way).
I would strongly suggest you read the online help for netweaver at help.sap.com and service.sap.com/security. If you have further queries after this then post them to this forum.
Cheers