Mapping Role Collections in the Subaccount

You've arranged roles in role collections, and now want to assign or map these role collections to business users.

How you assign users to their authorizations depends on the type of trust configuration and on whether you prefer to maintain the authorizations of individual users in the identity provider or in SAP BTP. The following options are available:

  • Directly assign role collections to users.

  • Map role collections to user groups or other user attributes defined in the identity provider. You initially maintain the mapping between user groups or other user attributes and role collections once in SAP BTP, and maintain group memberships or other attributes of users in the identity provider.

Note:

If you’re using the default trust configuration with the default identity provider, you directly assign users to role collections. For more information, see Default Identity Provider.

However, if you’re using a custom trust configuration, for example, with SAP Cloud Identity Services - Identity Authentication, you can use both options. For more information about configuring the trust between your subaccount and a custom identity provider, see Establish Trust and Federation Between SAP Authorization and Trust Management Service and Identity Authentication.

Options for Assignment of Role Collections

| Trust Configuration | Assignment Options |
| --- | --- |
| Default trust configuration (SAP ID service) | Assign Users to Role Collections |
| Custom trust configuration (for example: a tenant of the Identity Authentication service) | |
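The two assignment options described above can be modelled for an access review. This is an added example, not SAP code or an SAP API: the class, function names, user IDs, group names and the `Groups` attribute are assumptions, and the data is constructed. It resolves which role collections a user ends up with and whether each one comes from a direct assignment or from an identity provider attribute.

```python
from dataclasses import dataclass, field

@dataclass
class TrustConfig:
    """Conceptual model of one trust configuration in a subaccount (hypothetical)."""
    name: str
    custom: bool  # False = default trust configuration (SAP ID service)
    # user id -> role collections assigned directly in SAP BTP
    direct: dict = field(default_factory=dict)
    # (attribute name, attribute value) -> role collections, mapped once in SAP BTP
    mappings: dict = field(default_factory=dict)

def effective_role_collections(trust, user_id, idp_attributes):
    """Return {role_collection: source} for a user who logs on through `trust`."""
    granted = {rc: "direct" for rc in trust.direct.get(user_id, ())}
    if not trust.custom:
        # Default trust configuration: only direct assignment applies.
        return granted
    for attr, values in idp_attributes.items():
        for value in values:
            for rc in trust.mappings.get((attr, value), ()):
                # Keep "direct" as the source if the user already has it directly.
                granted.setdefault(rc, f"mapped:{attr}={value}")
    return granted

def attribute_values_granting(trust, role_collection):
    """Review helper: which IdP attribute values hand out a role collection."""
    return sorted(key for key, rcs in trust.mappings.items()
                  if role_collection in rcs)

# Constructed sample data.
default_trust = TrustConfig(
    name="default", custom=False,
    direct={"alice@example.com": ["Subaccount Viewer"]},
)
custom_trust = TrustConfig(
    name="ias-tenant", custom=True,
    direct={"bob@example.com": ["Subaccount Viewer"]},
    mappings={
        ("Groups", "btp-admins"): ["Subaccount Administrator"],
        ("Groups", "btp-viewers"): ["Subaccount Viewer"],
    },
)

if __name__ == "__main__":
    attrs = {"Groups": ["btp-admins", "btp-viewers"]}
    print(effective_role_collections(custom_trust, "bob@example.com", attrs))
    print(attribute_values_granting(custom_trust, "Subaccount Administrator"))
```

With mapping in place, a group membership change in the identity provider changes a user's authorizations without any edit in SAP BTP, so the output of `attribute_values_granting` shows which identity provider groups need the same change control as the role collection itself.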

Related Information

Working with Role Collections

Trust and Federation with Identity Providers