How to restrict Internet content access of SAP Portal applications !

- Ameya Pimpalgaonkar &nbsp

Netweaver Consultant &nbsp

Very recently i came across a scenario wherein we wanted to restrict the access to some of the application components of Enterprise Portal to internet users. That means some application should be accessed only by the internal users and not by internet users. Earlier i thought it is not possible but after having a brainstrom on it, i thoguht YES, it is possible. You can’t belive ha? Ok let us get started to see how can we achieve this.

Problem scenario:

Your company have implemented and using an Enterprise Portal and this portal is launched on Internet. In more technical terms, you have configured External Facing Of Portal. Now you want that some of the application that are on EP should be accessible only to the intranet users. But you have configured External Facing, How will you do this? Well, here is the answer..

Solution to problem Scenario:

I know this article is going little bit technical but i will try my best to explain each and every term in simpler way.

First thing you have to do is, determine which contents you want to show to only intranet users. Let us say you have a Role in Portal named “My Details” and you want the iviews or application assigned to this role to be executed only by intranet users. Solution in short  - Using Master Rule Collection, Shifting your role and iviews from TLN (Top Level Navigation) to Left side Dynamic Navigation. If you implement these steps, your access restriction is achieved.

Step One:

In this step we will modify the master rule collection and set the URL alias. Master rule collection is the collection of accessibilty rules and URL alias means, if URL is http://<localhost>:50000/irj then show different desktop or say show different contents and if URL is http://internethost then show different desktop. To configure this setting you will have to have admin access to portal. Here are the steps

Go to System Administration –> Portal Display –> In left side detail navigation section, click on Desktop & Display Rules –> Portal Adminstrators –> Super Admnistrator –> Open Master Rule Collection.

                                     

Here click on Add IF Expression for URL alias, set IF URL Alias = http://hostname:50000/irj/portal Click on Apply,  Then = <Portal content directory path to your desktop A>

                                      

                                              

Once configured this should look like this

                                             

 Similarly repeat the steps for URL = http://internethost  Then = <Desktop B>

Step Two:

Now most important step is creating Desktop A and Desktop B. Please note Desktop A is for internal Users and B is for internet users.

Go to System Administration –> Portal Display –> Desktop & Display Rules –> Portal Users –> Std. Portal Users –> Copy the default Desktop and save it as DesktopA. Similarly copy the light portal Desktop and save it as DesktopB. Now we need to add the framework page into these desktop.

Go to Content Administration –> Portal Contents –> Portal Users –> Std. Portal users –> Copy the default Framework Page and save it as FrameworkA. Once saved, open the framework and open the properties of  Desktop inner Page. There you will find Dynamic Navigation Iview, now mark the Visibility Option - TRUE (Check box).

Similarly, repeat the steps for light Framework Page and now, Visibility of Dynamic Navigation Iview = FALSE (Check box).

After doing these changes, we will add our application or Iview or workset to Dynamic Navigation. For doing this, Open your iview and from the drop down select Dynamic Navigation. Now Right Click on your iview and choose “Add to Dynamic Navigation”. With this your task of restricting the application access for internet users is achieved.

To Summarize: We have configured two different URL for internet and intranet users. When user calles portal from intranet, Desktop A is shown to him. Desktop A contains Framework Page A wherein Dynamic Navigation is set to TRUE. Where as when user calls portal from internet, Desktop B is shown to him. Desktop B contains Framework B, wherein Dynamic Navigation is set as FALSE. That mean when user is accessing portal from intranet, Dynamic Navigation and in turn your application will be shown to user and when user is accessing portal from internet, Dynamic Navigation will not be shown to user, in turn your application is also not shown to user.

Hope i have made it clear and simpler. If you face any problem or doubt, post your comments. I will surely try to help you.

Regards,

Ameya