Assign a Role Collection to a User

Beginner

10 min.

SAP Cloud Application Programming Model, Beginner, Tutorial, SAP Business Technology Platform, Node.js, SAP Fiori

This tutorial shows you how to assign roles to users.

You will learn

How to assign roles to users

Mahati ShankarFebruary 16, 2024

Created by

June 14, 2021

Contributors

Prerequisites

Subscribe to the SAP Build Work Zone, Standard Edition

This tutorial will soon be phased out.

For more tutorials about how to develop and deploy a full stack CAP application on SAP BTP, see:

Develop a Full-Stack CAP Application Following SAP BTP Developer’s Guide

Deploy a Full-Stack CAP Application in SAP BTP, Cloud Foundry Runtime Following SAP BTP Developer’s Guide

Deploy a Full-Stack CAP Application in SAP BTP, Kyma Runtime Following SAP BTP Developer’s Guide

To continue learning how to implement business applications on SAP BTP, see:

SAP BTP Developer’s Guide

Related Hands-On Experience

Tutorials for ABAP Cloud

Tutorials for SAP Cloud Application Programming Model

Step 1
To be able to access the application, your user needs to be assigned to a role collection that provides the required scopes.

Open SAP BTP Cockpit.

Go to the Subaccount where you have deployed your service and application.

Choose Security → Role Collections on the left.

Select RiskManager-<your space> in the list of role collections.

Choose Edit.

Enter the E-Mail Address of your user in the ID Field under Users, as you type a popup will appear showing your user, choose it.

Choose Save.

The name of the role collection includes the name of your space

The role collections are created automatically using the xs-security.json file. Hence, the name of the role collection includes the name of your space where you have deployed your service and application. For example, if the space name is dev, then the name of the role collection will be RiskManager-dev.

Your user now appears in the list of the role collection’s users.
What is the naming pattern for role collections?
role name-space name
role name-subaccount name
role name-account name
role name-user name
Step 2
Go to the application and choose the tile Risks. You should be able to create entries in the Risks application.

If not, probably you have signed in before adding the role collection to your user. Sign out and sign in again to get the added roles in your login ticket.

Why there’s no data in the Risks application?

As explained in section Exclude CSV files from deployment, test files should never be deployed to an SAP HANA database as table data. For this reason, we’ve excluded the test files from the deployment archive before deployment.
Step 3
Instead of creating the role collection automatically using the xs-security.json, it’s also possible to create a role collection manually. For example:

Open SAP BTP Cockpit.

Go to the Subaccount.

Choose Security → Role Collections on the left.

Choose the ( + ) icon to create a new role collection.

Enter Name RiskManager.

Choose Create.

The new role collection appears now in the list, but it doesn’t contain any roles. To add a role:

Choose the RiskManager role collection.

Choose Edit.

Open the value help for Role Name.

Select cpapp-...!... in Application Identifier dropdown.

The App Identifier is the XSAPPID of your application. It consists of the XSAPPNAME that’s been used to create the XSUAA service followed by an exclamation mark (!) and a landscape-wide unique ID.

Select RiskManager in list of roles.

Choose Add.

Choose Save.

Assign roles
Test it
(Optional) Create a role collection manually

Assign a Role Collection to a User

Prerequisites

What is the naming pattern for role collections?

Developer Products

Trials & Downloads

Site Information