Entering content frame

Background documentation Role Maintenance Functions Locate the document in its SAP Library structure

Roles contain the following information:

·        Role name

·        Role description text

·        Role menu structure

·        Authorization profile data

·        Users or organization plan elements to which the role is assigned

·        MiniApps

·        Personalization data

Functions in the Role Maintenance Initial Screen

Function

Comment

Change (This graphic is explained in the accompanying text)

Change and assign delivered roles or change customer roles

Display (This graphic is explained in the accompanying text)

Display single or composite roles

Create Roles (This graphic is explained in the accompanying text)

Create Roles

Note

Guidelines for creating roles contains an overview of the procedure.

Create Composite Roles (This graphic is explained in the accompanying text)

Create Composite Roles

Add to Favorites (This graphic is explained in the accompanying text)

Role is put in the tree display.
The Favorites are displayed when you call the role maintenance transaction or choose Views.
To delete a role from the Favorites, position the cursor on the role. Choose the right-hand mouse key and choose Delete from Favorites in the context menu.

Delete (This graphic is explained in the accompanying text)

If the deletion is to be transported, put the role objects in a transport request before deleting. To delete the role in a system linked by RFC (For example, a component system in Workplace), choose Role ® Distribute deletion.

Copy (This graphic is explained in the accompanying text)

Predefined roles are delivered as templates. They begin with the prefix "SAP_". Copy a role to a name in the customer namespace. You can also copy the user assignment and personalization objects.

Transport (This graphic is explained in the accompanying text)

Transport and Distribute Roles

Transactions (This graphic is explained in the accompanying text)

Where-Used list for transactions in roles

Views (This graphic is explained in the accompanying text)

Select views to display roles. The following views exist:

·        Favorites

·        Single roles

·        Composite roles

·        Roles in composite roles

·        Inheritance hierarchy

·        Display roles for role owner

·        Roles grouped by country

·        Roles grouped by industry

·        Roles grouped by target system

Inheritance hierarchy displays all roles from which other roles have been derived. For more information, see Derive roles.

Display Documentation (This graphic is explained in the accompanying text)

Displays the documentation of delivered roles in the bottom right-hand part of the screen. You can link a role to a document in the Knowledge Warehouse with Utilities ® Info object ® Assign in change mode in role maintenance.

Set Filter (This graphic is explained in the accompanying text)

Undo Filter (This graphic is explained in the accompanying text)

You can further restrict the role display at the bottom of the screen with Set filter.

Note

The Roles in composite role view also displays the composite roles to which a single role with the filter search string is assigned.

You can reset filter values with Reset filter.
Other Functions in the Role Menu

Function

Comment

Print

All role data (activity assignments, organizational levels, authorization data, user assignment, and so on) are printed.

Download/Upload

To avoid inconsistencies, all roles from which a role is derived are also downloaded. When you download composite roles, all the roles which they contain are also downloaded.

When you upload a role, all role data, including authorization data is uploaded from a file into the SAP System. The user assignments for the role and the generated profiles for the role are exceptions in this case. You must therefore regenerate the authorization profiles after the upload.

Read from another system by RFC

On the following screen Target Systems, select the RFC destinations of the systems from which you want to import roles. The Select Roles (no composite roles) dialog box appears.

The role is imported into the current system through an RFC connection together with its menu and description. The authorization data is not imported, however.

You can also enter the RFC destination as a variable. To do this, you must make a Customizing setting. For more information, see WP: Changing Variables for RFC Destinations.
Options under Goto ® Settings:

·        Simple maintenance (Workplace menu maintenance)

Choose this option to set up composite or single roles on the Workplace server.

·        Basic maintenance (menus, profiles, other objects)

This option contains all functions for role maintenance. This is the standard setting.

·        Complete view (organizational management and workflow)

You can use this option to display and change Workflow tasks for a role on the Workflow tab page. The assignments are only relevant for Workflow, that is, the users directly or indirectly assigned to the role are potential Workflow task performers.

Utilities Menu Functions:

Function

Comment

Status overview

Output a list of all or selected roles with user assignment, menu, authorization profile and user master record comparison status information.

Note

If you use organization management, the statuses of the Workflow tasks and the indirect user assignments are also displayed.

Mass generation

Generates the profiles of several roles (Mass generation of profiles) at the same time

Mass comparison

User master comparison for several roles (Compare user master records)

Mass transport

You can select several roles to transport in a dialog box (Transporting and Distributing Roles).

Mass download

Save several roles on the PC

Role comparison tool

(Cross-system) role comparison (Comparing Roles).

Templates

Templates for roles

Customizing auth.

Assign projects or views of projects in the implementation guide (IMG) to a role. With this assignment, you can generate targeted authorizations for certain IMG activities and assign users. The authorization required to perform all activities in the assigned IMG projects/project views is generated in profile generation. A dialog window appears in which you can make the assignment. Choose Information to display more information on using this option.
Environment Menu Functions

Function

Comment

User master

Call user maintenance (Create and maintain user master records).

Text Comparison for CUA Central System

Send the current list of roles and profiles to the CUA central system.

Display Changes

Display change documents

Installation/upgrade

Call the transaction which initially fills the Profile generator customer tables or updates them after an upgrade. The profile generator customer tables contain a copy of the SAP field value and check indicator default values. (Reducing the Scope of Authorization Checks).

Check Indicators

Call the transaction for changing check indicators and field values for the profile generator.

Auth. Objects ® Display/Deactivate

Display authorization objects with documentation /
Deactivate authorization checks

Roles with responsibilities

Roles with responsibilities which were created in SAP R/3 4.0A and 4.0B, are migrated in separate roles, which are derived from one another, from SAP R/3 4.5A. The result of the migration is roles which contain transactions, and a derived role which contains the authorization data and user assignments for each responsibility.

 

See also:

Authorization Objects Checked in Role Maintenance

 

Leaving content frame