Subaccount A – Security (ROI iAM)
Overview
For this subaccount, grant all ROIABLE members the Subaccount Administrator role. For the space created for deployment in Cloud Foundry, grant the Space Manager role.
Allocate 32 GB to the Cloud Foundry space quota.
If ROI iAM requires on-premise connectivity, connect a Cloud Connector to the same subaccount.
The following services and plans must be entitled for the subaccount:
SAP Cloud Identity Services
- Plan: application
Automatic step - Instance creation/binding
During deployment, the service instance is created and bound to the required application(s).
SAP Cloud Logging
- Plan: standard
Manual step - Service instance
Create the service instance.
SAP HANA Schemas & HDI Containers
- Plan: hdi-shared
Automatic step - Instance creation/binding
During deployment, the service instance is created and bound to the required application(s).
Destination Service
- Plan: lite
Automatic step - Instance creation/binding
During deployment, the service instance is created and bound to the required application(s).
SAP Credential Store
- Plan: standard
Manual step - Service instance
{
"authentication": {
"credentials-validity": 365,
"type": "oauth:key"
}
}Manual step - Instance Key
Create the service instance key with the following configuration:
{
"authorization": {
"namespace_permissions": {
"roiam": ["list", "write", "read"]
}
}
}SAP BTP HTML5 Application Repository
- Plan: app-host
- Plan: app-runtime
Automatic step - Instance creation/binding
During deployment, the service instance is created and bound to the required application(s).
Important
Share created service instance(s) and key(s) with the team deploying ROI iAM.
See also
- Subaccount(s) diagram
- SAP Discovery Center