Platform users are usually developers, administrators, or operators who deploy, administer, and troubleshoot accounts, applications, and services on SAP BTP. They’re the users who have full access and grant certain permissions, for instance, at global account, directory, or subaccount level. Members of subaccounts only have basic access.
Platform users who have administrative permissions can view or manage the list of global accounts, subaccounts, and environments, such as Cloud Foundry orgs and spaces. Platform users access them using the SAP BTP cockpit, the SAP BTP command-line interface (btp CLI), or an environment-specific CLI, such as the Cloud Foundry (CF) CLI.
For platform users, there's a default identity provider. We expect that you have your own identity provider.
We strongly recommend that you configure your custom tenant of SAP Cloud Identity Services as the identity provider and connect SAP Cloud Identity Services to your own corporate identity provider.
For more information, see Trust and Federation with Identity Providers.
For the China (Shanghai) and Government Cloud (US) regions, a different default identity provider is used, and you can't use SAP Cloud Identity Services as the identity provider in the global account.
If you want to use two-factor authentication in the China (Shanghai) region, see this blog article on SAP Community.
Member management refers to managing permissions for platform users. Members have only basic access to SAP BTP.
Member management happens at global account, directory, subaccount, and environment level. Members' permissions apply to all operations that are associated with the global account, the organization, or the space, irrespective of the tool used. Depending on the scope and the cloud management tools you're using, you manage members in different ways:
| Global Accounts | Directories | Subaccounts |
|---|---|---|
| You manage global account members by assigning role collections to platform users. Use the following predefined role collections: Assign these role collections from the SAP BTP cockpit or the btp CLI. See: Role Collections and Roles in Global Accounts, Directories, and Subaccounts | You manage directory members by assigning role collections to platform users. Use the following predefined role collections: Assign these role collections from the SAP BTP cockpit or the btp CLI. See: Role Collections and Roles in Global Accounts, Directories, and Subaccounts | You manage subaccount members by assigning role collections to platform users. Use the predefined role collections, such as: Assign these role collections from the SAP BTP cockpit or the btp CLI. See: Role Collections and Roles in Global Accounts, Directories, and Subaccounts |
Member Management in the Cloud Foundry Environment
| Orgs | Spaces |
|---|---|
| Manage org members on the Members page at environment level in the SAP BTP cockpit or with the Cloud Foundry CLI. A platform user added as an org member can be either an Org Manager or an Org Auditor or implicitly an Org User. See: About Roles in the Cloud Foundry Environment | Manage space members on the Members page at space level in the SAP BTP cockpit or with the Cloud Foundry CLI. A platform user added as a space member can be either a Space Manager, Space Developer, Space Auditor, or Space Supporter. See: About Roles in the Cloud Foundry Environment |
For more information on the Kyma environment, see Assign Roles in the Kyma Environment.
See also About User Management in the Cloud Foundry Environment.
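The following is an added example, not part of the SAP documentation: a short Python review of Cloud Foundry member assignments that checks each role named above against the level it is assigned at and flags members who still sign in through the default identity provider instead of a custom one. The record layout, the `default-idp` origin label, the manager limit, and the sample data are all assumptions constructed for this example.

```python
from collections import defaultdict

# Role names as listed on this page for the Cloud Foundry environment.
ORG_ROLES = {"Org Manager", "Org Auditor", "Org User"}
SPACE_ROLES = {"Space Manager", "Space Developer", "Space Auditor", "Space Supporter"}
MANAGER_ROLES = {"Org Manager", "Space Manager"}

# Placeholder label for the default identity provider (an assumption of this
# example; use the origin value your own member export shows).
DEFAULT_IDP = "default-idp"

# Constructed sample: one record per member assignment.
MEMBERS = [
    {"user": "alice@example.com", "origin": "corp-ias", "scope": "org:prod", "role": "Org Manager"},
    {"user": "bob@example.com", "origin": "default-idp", "scope": "org:prod", "role": "Org Manager"},
    {"user": "carol@example.com", "origin": "corp-ias", "scope": "space:prod/api", "role": "Space Developer"},
    {"user": "dave@example.com", "origin": "default-idp", "scope": "space:prod/api", "role": "Space Auditor"},
    {"user": "erin@example.com", "origin": "corp-ias", "scope": "space:prod/api", "role": "Org Auditor"},
]

def audit(members, max_managers=2):
    """Return sorted (finding, user, scope) tuples for a member list."""
    findings = []
    managers = defaultdict(list)
    for m in members:
        level = m["scope"].split(":", 1)[0]
        allowed = ORG_ROLES if level == "org" else SPACE_ROLES if level == "space" else set()
        # An org role recorded on a space (or the reverse) points to a bad
        # export or a mistaken assignment; report it and skip further checks.
        if m["role"] not in allowed:
            findings.append(("role-not-valid-at-level", m["user"], m["scope"]))
            continue
        # Members who bypass the custom identity provider.
        if m["origin"] == DEFAULT_IDP:
            findings.append(("default-idp-member", m["user"], m["scope"]))
        if m["role"] in MANAGER_ROLES:
            managers[m["scope"]].append(m["user"])
    # Manager limit per org or space is a policy choice of this example.
    for scope, users in managers.items():
        if len(users) > max_managers:
            findings.extend(("manager-count-exceeded", u, scope) for u in users)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(MEMBERS, max_managers=1):
        print(*finding, sep="\t")
```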