As an administrator of the Cloud Foundry environment, you can specify attributes in roles to refine authorizations of the business users. Depending on these attributes, business users with this role have restricted access to data.
You have maintained the attributes of the users in your identity provider.
In SAP Cloud Identity Services or any identity provider, you find the attributes in the configuration.
-
Open the SAP BTP cockpit.
-
Go to your subaccount.
For more information, see Navigate in the Cockpit.
-
Choose your space in Cloud Foundry > Spaces or, in the case of subscriptions, see Configure Application Roles and Assign Roles to Users.
-
Choose the application.
-
Choose Security > Roles.
-
Select a role.
The role overview pane displays the attribute name and fields where you can select the source and enter a value.
-
Choose Edit.
-
To specify an attribute, choose the source of the attribute. The following sources are available:
Attribute Sources
Source
Value/Attribute
Static
Enter a static value, for example
USAto refine the role depending on the country.Follow entries with the [Enter] key. Otherwise you can't save the role.
Identity Provider
Enter an attribute as defined in your identity provider. Check in your identity provider for the exact syntax of the attribute identifier.
For SAP Cloud Identity Services, you find the attribute identifier in the settings of the attributes of your identity provider under Applications & Resources > Applications > <Application_Name> > Trust > Attributes.
To use the attribute for cost center, you must enter the value
cost_center.Unrestricted
In this case, you want to express that it is not necessary to set a specific value for this attribute. The behavior is the same as if the attribute would not exist for this role.
-
Save your changes.
Related Information
Subscribe to Multitenant Applications Using the Cockpit