Usually a role collection consists of one or multiple roles. You can use the SAP BTP cockpit to add or remove roles.
A role is an instance of a role template; you can build a role based on a role template and assign the role to a role collection. The SAP BTP cockpit helps you to display information about the selected application and any related roles in the following windows, tabs, and panes:
-
Roles
-
Scopes
-
Attributes
-
Role templates
Roles are assigned to role collections which are assigned in turn to users or user groups if an SAML 2.0 identity provider stores the users. Using the SAP BTP cockpit, you can display information about the role collections that have been maintained as well as the roles available in a role collection. Additional information includes: which templates the roles are based on, and which applications the roles apply to. Role collections enable you to group together the roles you create. The role collections you define can be assigned as follows:
-
To users logged on to the
SAP ID service. -
To user groups containing users logging on with SAML 2.0 assertions.
Related Information
Security Administration: Managing Authentication and Authorization