As an administrator, you can specify attributes in a new role to refine authorizations of business users. Depending on these attributes, business users with this role have restricted access to data.
You have maintained the attributes of the users in your identity provider.
In SAP Cloud Identity Services or any identity provider, you find the attributes in the configuration.
-
Open the SAP BTP cockpit.
-
Go to your global account (China (Shanghai) region) orsubaccount. For more information, see Navigate in the Cockpit.
-
Choose your space in Cloud Foundry > Spaces or, for subscriptions, see Configure Application Roles and Assign Roles to Users.
-
Choose the application.
-
Choose Security > Roles.
-
To create a new role, choose Create.
A wizard guides you through the role creation process.
-
Enter a name and a description of the new role.
-
Select the role template that you want to use.
-
Choose Next.
-
To specify an attribute, choose the source of the attribute. The following sources are available:
Attribute Sources
Source
Value/Attribute
Static
Enter a static value, for example
USAto refine the role depending on the country/region.Identity Provider
Enter an attribute as defined in your identity provider. Check in your identity provider for the exact syntax of the attribute identifier.
For SAP Cloud Identity Services, you find the attribute identifier in the settings of the attributes under Applications & Resources > Applications > <Application Name> > Trust > Attributes.
To use the attribute for cost center, you must enter the value
cost_center.Unrestricted
In this case, you want to express that it isn't necessary to set a specific value for this attribute. The behavior is the same as if the attribute wouldn't exist for this role.
-
Choose Next.
-
Select the role collections for your new role. For more information, see the related link.
-
Choose Next and Finish.
You have now created a new role with attributes.
Related Information