Authorization Roles in ERP E-Commerce (SAP Library - SAP CRM: Business Scenario and Business Process Configuration)

Authorization Roles in ERP E-Commerce

Use

You assign authorization roles to your users in ERP E-Commerce to determine which applications they can enter and the tasks they can carry out in these applications. There are two types of authorization roles provided by SAP:

· For service users

There is a service user role for each Web-based application to provide an RFC connection between the Web-based application and the backend ERP system.

· For Internet users

There are various user roles provided by SAP for the different Web-based applications. You assign these to your customers and employees so that they can carry out various tasks and activities in the Web-based applications. There are different roles for each of the Web-based applications, determining the permissions the user has once logged on. For example, the roles determine whether the user can only display orders or also change orders.

SAP delivers standard authorization roles which you can change and modify to meet your needs. These roles contain authorization objects which determine which permissions a user has in an application. You can modify the authorization objects within the roles to change the permissions. For example in the role for the B2B Web shop user you can determine if the user can only display a sales order or whether the user can also create and change a sales order. For a full list of the document authorizations for the Business-to-Business (B2B) scenario, see Document Authorizations in ERP E-Commerce.

Features

The table below lists the various service user roles that are delivered in the standard SAP shipment for ERP E-Commerce Web-based applications, along with the user and service user roles that are delivered in the standard SAP shipment. You should create local copies of these roles and modify them.

Service User Role	Consists of Following Roles	Description
SAP_ISA_B2C_RFC	SAP_ISA_SUB_USER_MANAGER SAP_ISA_SUB_RFC SAP_ISA_SUB_CUSTOMER_CREATE	Service user authorization role for RFC connections for B2C Web shop.
SAP_ISA_B2B_RFC	SAP_ISA_SUB_RFC SAP_ISA_SUB_CUSTOMER_READ	Service user authorization role for RFC connections for B2B Web shop.
SAP_ISA_SHOPMGMT_RFC	SAP_ISA_SUB_RFC	Service user authorization role for RFC connections to Shop Management application.
SAP_ISA_UADM_RFC	SAP_ISA_SUB_RFC	Service user authorization role for RFC connections to Web-based User Management application.

The table below lists the various Web-based application along with the user and service user roles that are delivered in the standard SAP shipment. You should create local copies of these roles and modify them:

Application	User Authorization Role	Consists of following roles	Description	Service User
B2C	SAP_ISA_B2C_FULL	SAP_ISA_SUB_ORDER_MAINTAIN SAP_ISA_SUB_TEMPLATE_MAINTAIN SAP_ISA_SUB_RFC SAP_ISA_SUB_CUSTOMER_CHANGE	Full authorizations for B2C Web shop users. Assigned to the reference user and inherited by B2C Web shop users during self-registration in the Web shop.	SAP_ISA_B2C_RFC
B2B	SAP_ISA_B2B_VIEW	SAP_ISA_SUB_TEMPLATE_MAINTAIN SAP_ISA_SUB_RFC SAP_ISA_SUB_CUSTOMER_READ SAP_ISA_SUB_CATPRICE	B2B Web shop user authorizations, limited to displaying the catalog and creating order templates.	SAP_ISA_B2B_RFC
	SAP_ISA_B2B_ORDER	SAP_ISA_SUB_TEMPLATE_MAINTAIN SAP_ISA_SUB_RFC SAP_ISA_SUB_CUSTOMER_READ SAP_ISA_SUB_ORDER_MAINTAIN SAP_ISA_SUB_CATPRICE	B2B Web shop user authorizations, limited to creating orders.
	SAP_ISA_B2B_FULL	SAP_ISA_SUB_TEMPLATE_MAINTAIN SAP_ISA_SUB_RFC SAP_ISA_SUB_CUSTOMER_READ SAP_ISA_SUB_ORDER_MAINTAIN SAP_ISA_SUB_QUOTATION_UI SAP_ISA_SUB_BILLING_VIEW SAP_ISA_SUB_CATPRICE	Full authorizations for B2B Web shop user. User can carry out all transactions and activities in the B2B Web shop.
	SAP_ISA_BOB_FULL	SAP_ISA_SUB_TEMPLATE_MAINTAIN SAP_ISA_SUB_RFC SAP_ISA_SUB_CUSTOMER_READ SAP_ISA_SUB_ORDER_MAINTAIN SAP_ISA_SUB_QUOTATION_UI SAP_ISA_SUB_CATPRICE	User authorizations for the Web shop internal users scenario.
Shop Management	SAP_ISA_SHOPMGMT_FULL	SAP_ISA_SUB_SHOPMGMT SAP_ISA_SUB_RFC	Full Shop Management application authorizations. The user can create and maintain Web shops.	SAP_ISA_SHOPMGMT_RFC
User Management	SAP_ISA_UADM_SUPERUSER	SAP_ISA_SUB_RFC SAP_ISA_SUB_USER_SUPERUSER SAP_ISA_SUB_CUSTOMER_CREATE	Superuser authorizations. The user can create superusers for companies to which he is assigned and create Web shop users.	SAP_ISA_UADM_RFC
	SAP_ISA_UADM_MANAGER	SAP_ISA_SUB_RFC SAP_ISA_SUB_USER_MANAGER SAP_ISA_SUB_CUSTOMER_CREATE	Web shop manager authorizations. The user can create superusers and Web shop users for all companies.

Example

You want to create a user for your B2B Web shop. You create a service user for the B2B Web shop application and a service user for the Web-based User Management application in your backend ERP system (transaction SU01). You assign the service users to the applications in Extended Configuration Management (XCM). You take the standard SAP role for a B2B Web shop user SAP_ISA _B2B_FULL in the ERP system (transaction PFCG), copy it, and modify the authorization objects to meet your needs. For example, you remove the authorization object for creating orders. You assign the authorization role to Web-based User Management in the Customizing area of the. You log on to Web-based User Management, create a user and assign the modified B2B Web shop role to the user. The user can now log on to the B2B Web shop and carry out the tasks enabled in the authorization role.