SAP EP offers users role-specific, Web-based and secure access to all relevant information, applications and services. Employees only need a desktop and a Web Browser, and can begin work once they have been authenticated in the portal.
SAP Enterprise Portal contains the NetWeaver components Portal, Knowledge Management, and Collaboration. In addition, SAP provides pre-defined content. At the moment the portfolio contains more than 100 business packages, which are shipped in multiple languages.
Web Dynpro is Sap’s programming model for developing professional and interactive Web user interfaces for business applications.
An iView is a logical portal content module representing a visual application or part of one. One or more iViews are combined on a portal page, which is then assigned to users by the role definition. Web Dynpro UIs are integrated in SAP Enterprise Portal with iViews.
Portal roles are a central element of SAP Enterprise Portal. They structure the content and are defined for specific end users.
A role is a collection of task-specific content. Roles are defined based on responsibilities and areas of interest, and are created by a role administrator. A user can be assigned one or more roles (for example, the roles employee and staff). The roles define the content of the portal navigation as well as the content of the portal. Role assignment can therefore be seen as a pre-personalization of the portal – a personalization that is performed by the administrator and not by the user (personalization level 1). Depending on their permissions, users can also adjust the look and feel of the portal, maintain user-specific attributes (personalization level 2), change portal pages by adding or deleting iViews (personalization level 3), and personalize individual iViews (personalization level 4).
SAP provides tools for creating and developing portal content – depending on the target group and the complexity of the applications.
One distinguishes between
• Portal Content Studio: An administration environment integrated in SAP Enterprise Portal that is used for code-free development of portal content using wizards.
• SAP NetWeaver Visual Composer: Model-based development of portal content by simply using graphic tools.
• SAP NetWeaver Developer Studio (Web Dynpro perspective): Based on the powerful Web Dynpro programming model, application developers can develop Web user interfaces for professional business applications.
• SAP NetWeaver Developer Studio (J2EE + PDK perspective): The SAP NetWeaver Developer Studio offers complete support when developing Java projects.
• SAP ABAP Workbench: The ABAP Workbench provides the Business Server Page (BSP) technology for creating Web user interfaces.
All the portal content created using these tools can be seamlessly integrated in SAP Enterprise Portal using the portal services already presented.
Typical examples for the integration technology are:
• Client Eventing: Enables iViews to communicate with one another at the client side and to communicate with the portal itself.
• Work Protect: Function providing an infrastructure for handling unsaved data in portal applications, for example if users navigate in the portal without first having stored their entries in an application.
• Session Management: Contains in particular the session persistence to retain the last session status of the user (for example when navigating to another portal page) as well as a server session termination function for releasing resources on the backend system (for example when closing the browser).
• Portal Navigation: SAP Enterprise Portal offers more than simply navigation between individual portal pages, in particular.
• Object-based navigation (OBN): It provides users with a navigation feature based on the actual business objects from productive backend systems.
• Drag & Relate: iViews can contain objects representing business elements of a backend application (for example customer). If users pull such an object, as with Drag & Drop, and relate it to another object in the Drag&Relate target object area, they can navigate between different applications containing similar, but not identical business objects.
• Dynamic Navigation: The portal enables you to assign navigation objects to pages and iViews as context-sensitive dynamic navigation iViews. This means that navigation targets are provided dynamically depending on the action selected.
The portal offers the following security features to help keep your portal secure.
• Authentication: When users access the portal, they must provide some form of identification in the form of user ID and password, client certificates, and so on. The portal supports authentication with user ID and password, X.509 certificates, integrated Windows authentication, external Web access management tools.
• Single Sign-On: Once users have successfully logged on to the portal, they can access all information, applications, and services without repeatedly having to log on.
• Authorization: ACL-based permissions ensure that users can only access portal objects for which they have the required authorization. Authorization for applications integrated in the portal is handled by the systems on which the applications run.
• User Management: Existing corporate LDAP directories in your system landscape can be leveraged by the portal. Alternatively user data can be retrieved from a SAP Web Application Server ABAP or from a database.
• Secure Communications: Secure Sockets Layer (SSL) and Secure Network Communications (SNC) can be used to build a secure channel between the user’s Web browser, the portal server, and backend systems.
• Secure network architecture: Recommendations for secure network architecture for the portal are available in the Portal Security Guide.
• Security logging: Security-relevant events such as user logon, or changes to permissions, are logged.
The portal uses the ‘User Management Engine’ (UME) which is an integral part of SAP Web Application Server Java. The UME manages user and user-related data (roles, groups) which can be retrieved from an LDAP directory, a SAP Web Application Server Java, a database, or a combination of these. Administration tools allowing you to manage users, groups, and roles are integrated in the portal user administrator role. A configuration tool for configuring the UME is integrated in the portal system administrator role.
In addition, the UME provides many features such as self-registration with approval workflow, notification emails, and so on.
The portal user management is very flexible and allows you to use a variety of repositories for storing and retrieving user data. In particular, it allows you to leverage existing user repositories in your system rather than having to set up a new user repository.
For example, if you are using your portal in a system landscape that includes many non-SAP systems, you can provide a central user base using an LDAP directory and configure the portal to use the LDAP directory as its user repository.
On the other hand, if you are using your portal in a system landscape that consists of SAP systems only, you can set up Central User Administration (CUA) on one of the ABAP-based systems and configure your portal to use the ABAP user management as its user repository.
Visit Sap’s security pages in SAP Service Marketplace at service.sap.com/security. You can find the Portal Security Guide with recommendations on how to secure your portal at service.sap.com/securityguide. Documentation on security and user management is available on the Help Portal at help.sap.com/nw04.