You assign authorization roles to your users in ERP E-Commerce to determine which applications they can enter and the tasks they can carry out in these applications. There are two types of authorization roles provided by SAP:
· For service users
There is a service user role for each Web-based application to provide an RFC connection between the Web-based application and the backend ERP system.
· For Internet users
There are various user roles provided by SAP for the different Web-based applications. You assign these to your customers and employees so that they can carry out various tasks and activities in the Web-based applications. There are different roles for each of the Web-based applications, determining the permissions the user has once logged on. For example, the roles determine whether the user can only display orders or also change orders.
SAP delivers standard authorization roles which you can change and modify to meet your needs. These roles contain authorization objects which determine which permissions a user has in an application. You can modify the authorization objects within the roles to change the permissions. For example, in the role for the B2B Web shop user, you can determine whether the user can only display a sales order or can also create and change a sales order. For a full list of the document authorizations for the Business-to-Business (B2B) scenario, see Document Authorizations in ERP E-Commerce.
The table below lists the service user roles that are delivered in the standard SAP shipment for ERP E-Commerce Web-based applications. You should create local copies of these roles and modify them.
| Service User Role | Consists of Following Roles | Description |
|---|---|---|
| SAP_ISA_B2C_RFC | SAP_ISA_SUB_USER_MANAGER, SAP_ISA_SUB_RFC, SAP_ISA_SUB_CUSTOMER_CREATE | Service user authorization role for RFC connections for B2C Web shop. |
| SAP_ISA_B2B_RFC | SAP_ISA_SUB_RFC, SAP_ISA_SUB_CUSTOMER_READ | Service user authorization role for RFC connections for B2B Web shop. |
| SAP_ISA_SHOPMGMT_RFC | SAP_ISA_SUB_RFC | Service user authorization role for RFC connections to Shop Management application. |
| SAP_ISA_UADM_RFC | SAP_ISA_SUB_RFC | Service user authorization role for RFC connections to Web-based User Management application. |
The table below lists the various Web-based applications along with the user and service user roles that are delivered in the standard SAP shipment. You should create local copies of these roles and modify them:
| Application | User Authorization Role | Consists of following roles | Description | Service User |
|---|---|---|---|---|
| B2C | SAP_ISA_B2C_FULL | SAP_ISA_SUB_ORDER_MAINTAIN, SAP_ISA_SUB_TEMPLATE_MAINTAIN, SAP_ISA_SUB_RFC, SAP_ISA_SUB_CUSTOMER_CHANGE | Full authorizations for B2C Web shop users. Assigned to the reference user and inherited by B2C Web shop users during self-registration in the Web shop. | SAP_ISA_B2C_RFC |
| B2B | SAP_ISA_B2B_VIEW | SAP_ISA_SUB_TEMPLATE_MAINTAIN, SAP_ISA_SUB_RFC, SAP_ISA_SUB_CUSTOMER_READ, SAP_ISA_SUB_CATPRICE | B2B Web shop user authorizations, limited to displaying the catalog and creating order templates. | SAP_ISA_B2B_RFC |
| | SAP_ISA_B2B_ORDER | SAP_ISA_SUB_TEMPLATE_MAINTAIN, SAP_ISA_SUB_RFC, SAP_ISA_SUB_CUSTOMER_READ, SAP_ISA_SUB_ORDER_MAINTAIN, SAP_ISA_SUB_CATPRICE | B2B Web shop user authorizations, limited to creating orders. | |
| | SAP_ISA_B2B_FULL | SAP_ISA_SUB_TEMPLATE_MAINTAIN, SAP_ISA_SUB_RFC, SAP_ISA_SUB_CUSTOMER_READ, SAP_ISA_SUB_ORDER_MAINTAIN, SAP_ISA_SUB_QUOTATION_UI, SAP_ISA_SUB_BILLING_VIEW, SAP_ISA_SUB_CATPRICE | Full authorizations for B2B Web shop user. User can carry out all transactions and activities in the B2B Web shop. | |
| | SAP_ISA_BOB_FULL | SAP_ISA_SUB_TEMPLATE_MAINTAIN, SAP_ISA_SUB_RFC, SAP_ISA_SUB_CUSTOMER_READ, SAP_ISA_SUB_ORDER_MAINTAIN, SAP_ISA_SUB_QUOTATION_UI, SAP_ISA_SUB_CATPRICE | User authorizations for the Web shop internal users scenario. | |
| Shop Management | SAP_ISA_SHOPMGMT_FULL | SAP_ISA_SUB_SHOPMGMT, SAP_ISA_SUB_RFC | Full Shop Management application authorizations. The user can create and maintain Web shops. | SAP_ISA_SHOPMGMT_RFC |
| User Management | SAP_ISA_UADM_SUPERUSER | SAP_ISA_SUB_RFC, SAP_ISA_SUB_USER_SUPERUSER, SAP_ISA_SUB_CUSTOMER_CREATE | Superuser authorizations. The user can create superusers for companies to which he is assigned and create Web shop users. | SAP_ISA_UADM_RFC |
| | SAP_ISA_UADM_MANAGER | SAP_ISA_SUB_RFC, SAP_ISA_SUB_USER_MANAGER, SAP_ISA_SUB_CUSTOMER_CREATE | Web shop manager authorizations. The user can create superusers and Web shop users for all companies. | |
You want to create a user for your B2B Web shop. You create a service user for the B2B Web shop application and a service user for the Web-based User Management application in your backend ERP system (transaction SU01). You assign the service users to the applications in Extended Configuration Management (XCM). You take the standard SAP role for a B2B Web shop user SAP_ISA_B2B_FULL in the ERP system (transaction PFCG), copy it, and modify the authorization objects to meet your needs. For example, you remove the authorization object for creating orders. You assign the authorization role to Web-based User Management in the Customizing area of the. You log on to Web-based User Management, create a user and assign the modified B2B Web shop role to the user. The user can now log on to the B2B Web shop and carry out the tasks enabled in the authorization role.
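The following is an added example, not SAP code: a least-privilege review of a role assignment export, using the role compositions from the tables above. It works at the level of constituent roles, not individual authorization objects. The Z role names, user IDs, input shape and the convention that local service-role copies keep the _RFC suffix are assumptions made for illustration.

```python
# Role data copied from the two tables on this page (added example).
# Constituent roles are written without their SAP_ISA_SUB_ prefix.
DELIVERED = """
SAP_ISA_B2C_RFC        USER_MANAGER RFC CUSTOMER_CREATE
SAP_ISA_B2B_RFC        RFC CUSTOMER_READ
SAP_ISA_SHOPMGMT_RFC   RFC
SAP_ISA_UADM_RFC       RFC
SAP_ISA_B2C_FULL       ORDER_MAINTAIN TEMPLATE_MAINTAIN RFC CUSTOMER_CHANGE
SAP_ISA_B2B_VIEW       TEMPLATE_MAINTAIN RFC CUSTOMER_READ CATPRICE
SAP_ISA_B2B_ORDER      TEMPLATE_MAINTAIN RFC CUSTOMER_READ ORDER_MAINTAIN CATPRICE
SAP_ISA_B2B_FULL       TEMPLATE_MAINTAIN RFC CUSTOMER_READ ORDER_MAINTAIN QUOTATION_UI BILLING_VIEW CATPRICE
SAP_ISA_BOB_FULL       TEMPLATE_MAINTAIN RFC CUSTOMER_READ ORDER_MAINTAIN QUOTATION_UI CATPRICE
SAP_ISA_SHOPMGMT_FULL  SHOPMGMT RFC
SAP_ISA_UADM_SUPERUSER RFC USER_SUPERUSER CUSTOMER_CREATE
SAP_ISA_UADM_MANAGER   RFC USER_MANAGER CUSTOMER_CREATE
"""

def parse(text):
    """Turn 'ROLE SUB SUB ...' lines into {role: frozenset(constituent roles)}."""
    rows = (line.split() for line in text.strip().splitlines())
    return {r[0]: frozenset(r[1:]) for r in rows}
SAP = parse(DELIVERED)

def audit(user_roles, local_roles, service_users=()):
    """Return sorted (user, finding, detail) tuples for one assignment export."""
    catalog = {**SAP, **local_roles}
    findings = []
    for user, roles in user_roles.items():
        effective = frozenset().union(*(catalog[r] for r in roles))
        for r in roles:
            if r in SAP:  # page: create local copies and modify those
                findings.append((user, "standard-role", r))
            if r.endswith("_RFC") and user not in service_users:  # assumed naming
                findings.append((user, "service-role-on-web-user", r))
        # Smallest delivered role whose constituents cover the effective set.
        covers = [n for n, subs in SAP.items() if effective <= subs]
        tier = min(covers, key=lambda n: len(SAP[n]), default="none")
        findings.append((user, "smallest-covering-role", tier))
    return sorted(findings)

# Constructed sample: hypothetical local copies and user assignments.
LOCAL = {"ZISA_B2B_NOORDER": SAP["SAP_ISA_B2B_FULL"] - {"ORDER_MAINTAIN"},
         "ZISA_B2B_RFC": SAP["SAP_ISA_B2B_RFC"]}
USERS = {"BUYER01": ["ZISA_B2B_NOORDER"], "SVC_B2B": ["ZISA_B2B_RFC"],
         "BUYER02": ["SAP_ISA_B2B_VIEW", "ZISA_B2B_RFC"]}

if __name__ == "__main__":
    for row in audit(USERS, LOCAL, service_users={"SVC_B2B"}):
        print(*row, sep="\t")
```

For BUYER01 the smallest covering role is still SAP_ISA_B2B_FULL: a copy of the full role with order maintenance removed keeps the quotation and billing constituents, so it is not equivalent to the view-only role.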