Permission Management in the SAP Cloud Platform Neo Environment
SAP Cloud Platform help documentation: https://help.sap.com/viewer/ea72206b834e4ace9cd834feed6c0e09/Cloud/en-US/a1ab5c4cc117455392cd0a512c7f890d.html
SAP Cloud Platform includes predefined platform roles that support the typical tasks performed by users when interacting with the platform. In addition, subaccount administrators can combine various scopes into a custom platform role that addresses their individual requirements.
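Cloud Foundry help documentation: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/
In other words, SAP Cloud Platform ships with predefined platform roles, each of which covers a set of typical operations that platform users need to perform. An Administrator can also create custom roles to fit actual requirements.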
A platform role is a set of permissions, or scopes, managed by the platform.
That is, a platform role is a collection of permissions, or scopes.
Scopes are the building blocks for platform roles.
Scopes are the components that make up a platform role.
They represent a set of permissions that define what members can do and what platform resources they can access (for example, configuration settings such as destinations or quotas).
Scopes are collections of permissions that define the operations SAP Cloud Platform users can perform and the resources they can access.
Most scopes follow a “Manage” and “Read” pattern. For example, manageXYZ comprises the actions create, update, and delete on platform resource XYZ.
Most scopes themselves follow the Manage and Read pattern. For example, manageXYZ covers the create, delete, update and query operations on resource XYZ.
Here are some basic roles:
- Administrator: Manage subaccount members; manage the subaccount, subscriptions, trust, authentication and OAuth settings, as well as SAP HANA services on HANA databases.
The Administrator role in a global account is automatically assigned to the user who has started a trial account or who has purchased resources for an enterprise account.
Furthermore, you can view heap dumps and download a heap dump file.
Compared with the Developer role, it has all the permissions defined by the latter, except for the debugging permission.
Scopes included in the Administrator role:
- Cloud Connector Admin: Open secure tunnels via Cloud Connector from on-premise networks to your subaccounts.
- Developer: This role is assigned by default to all newly created users. Supports typical development tasks, such as deploying, starting, stopping, and debugging applications. You can also change loggers and perform monitoring tasks, such as creating availability checks for your applications and executing MBean operations.
- Support User: Designed for technical support engineers, this role enables you to read almost all data related to a subaccount, including its metadata, configuration settings, and log files. For you to read database content, a database administrator must assign the appropriate database permissions to you. It provides read-only access to all subaccount data (including metadata).
- Application User Admin: Assigned by the subaccount administrator to a subaccount member. Manage user permissions on application level to access Java, HTML5 applications, and subscriptions. You can control permissions directly by assigning users to specific application roles or indirectly by assigning users to groups, which you then assign to application roles. You can also unassign users from the roles or groups.
As the figure below shows, the Administrator role has the largest scope: The Admin role includes all platform scopes available on SAP Cloud Platform. The Developer and Support User are subsets of the Admin role.
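The role-as-scope-set model above lends itself to a least-privilege review of subaccount members. The following is an added example, not SAP code or part of the original article: the scope names, the contents of the Developer and Support User sets, and the member data are all constructed for illustration, since the page does not list the real scope identifiers.

```python
# Constructed scope names following the page's manage/read pattern; the real
# SAP Cloud Platform scope identifiers are not listed on the page.
RESOURCES = ("Destinations", "Quotas", "Applications", "Logs", "Members")
ALL_SCOPES = frozenset(v + r for r in RESOURCES for v in ("manage", "read"))

ROLES = {
    # Page: the Admin role includes all platform scopes.
    "Administrator": ALL_SCOPES,
    # Assumed subsets of Admin, chosen only for illustration.
    "Developer": frozenset({"manageApplications", "readApplications",
                            "readLogs", "readDestinations"}),
    "Support User": frozenset(s for s in ALL_SCOPES if s.startswith("read")),
}

def effective_scopes(role_names, roles=ROLES):
    """Union of the scopes granted by every role a member holds."""
    return frozenset().union(*(roles[n] for n in role_names))

def smallest_covering_role(needed, roles=ROLES):
    """Predefined role with the fewest scopes that still covers `needed`."""
    fits = [(len(s), n) for n, s in roles.items() if needed <= s]
    return min(fits)[1] if fits else None

def review(members, roles=ROLES):
    """Report members holding unused manage* scopes, with a tighter role."""
    findings = {}
    for user, (assigned, used) in members.items():
        granted = effective_scopes(assigned, roles)
        unused = sorted(s for s in granted - used if s.startswith("manage"))
        best = smallest_covering_role(used, roles)
        # If no predefined role is narrower than what is granted, propose a
        # custom role made of exactly the scopes in use.
        if best is None or len(roles[best]) >= len(granted):
            suggestion = "custom:" + ",".join(sorted(used))
        else:
            suggestion = best
        if unused:
            findings[user] = {"unused_manage": unused, "suggest": suggestion}
    return findings

# Constructed sample: member -> (assigned roles, scopes seen in use).
MEMBERS = {
    "alice": (["Administrator"], frozenset({"readLogs", "readQuotas"})),
    "bob": (["Developer"], frozenset({"manageApplications", "readLogs"})),
    "carol": (["Administrator"], frozenset({"manageQuotas", "readQuotas"})),
}
```

Calling `review(MEMBERS)` flags alice (Support User would suffice) and carol (a custom role with only the quota scopes), and leaves bob alone.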
The user you want to add to SAP ID service must have an SAP user account (for example, an S-user or P-user).