
Role and Authorization Assignment

Use

The standard user administration functions in the SAP system are used to assign the required authorizations to users who operate the central and decentralized systems in the system group.

The role generator, part of the Defense Forces & Public Security component, is an additional administration tool that you can use to generate and update authorizations automatically for users who are assigned to an organizational structure consisting of force elements.

Prerequisites

You are already using Central User Administration (CUA) and are familiar with its functions. For more information, see SAP Library under SAP NetWeaver Library → SAP NetWeaver by Key Capability → Security → Identity Management → Users and Roles (BC-SEC-USR).

Features

The authorizations for a user who is assigned to an organizational structure consisting of force elements can be generated and updated as follows:

Figure: Assigning Roles and Authorizations

Role Assignments

The following types of role assignment are possible:

     Authorizations based on roles assigned directly

Roles can be assigned to a user directly. Direct role assignments can exist in all systems in the multilevel system landscape, regardless of whether or not organizational structures are known in the systems.

     Authorizations based on roles assigned indirectly

Roles can be assigned to a user indirectly by means of the organizational structure. Indirect role assignments of this kind require the existence of such an organizational structure in the respective system.

The following cases must be distinguished:

     A user is assigned the roles that are assigned to the relevant person or position, to the higher-level force element, or to other higher-level organizational objects (the assignment is made using standard Profile Generator functions).

     A user can be assigned a derived role on the basis of the position assigned.

You can use the role generator to derive a role from a reference role and assign it to a position.

A Business Add-In is used to enrich this derived role with values for specific organizational level fields that are determined using the higher-level force element.

You initially assign authorizations manually using the role generator. Authorizations are automatically updated by the system if you schedule the role generator as a job in the appropriate system.
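
The assignment cases above determine which roles a user effectively holds, which is what an authorization review has to reconstruct. The following Python sketch is an added example, not SAP code: it models direct, indirect and derived assignments for one user. All object names, role names and the PLANT field are constructed, and taking the organizational level values from the nearest higher-level object that defines them is an assumption standing in for the Business Add-In.

```python
# Simplified model of the role assignment cases described above (not SAP code).
# Object names, role names and the PLANT field are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class OrgObject:
    name: str
    parent: "OrgObject | None" = None
    roles: set = field(default_factory=set)         # roles assigned to this object
    org_levels: dict = field(default_factory=dict)  # values a force element supplies

def derive_role(reference_role, position):
    """Derive a role from a reference role and enrich it with organizational
    level values found on the nearest higher-level object (assumed lookup rule)."""
    node = position.parent
    while node is not None and not node.org_levels:
        node = node.parent
    values = dict(node.org_levels) if node else {}
    return {"name": f"{reference_role}@{position.name}",
            "reference": reference_role, "org_levels": values}

def effective_roles(direct_roles, position, derived=()):
    """Return {role: source} so a reviewer can see why the user holds each role."""
    result = {r: "direct" for r in direct_roles}
    node = position
    while node is not None:            # position, then every higher-level object
        for r in sorted(node.roles):
            result.setdefault(r, f"indirect via {node.name}")
        node = node.parent
    for d in derived:
        result.setdefault(d["name"], f"derived from {d['reference']}")
    return result

def sample():
    # Constructed structure: brigade -> battalion -> position held by the user.
    brigade = OrgObject("BRIGADE_1", roles={"Z_FE_DISPLAY"},
                        org_levels={"PLANT": "1000"})
    battalion = OrgObject("BATTALION_A", parent=brigade, roles={"Z_FE_LOGISTICS"})
    position = OrgObject("POS_SUPPLY", parent=battalion, roles={"Z_POS_SUPPLY"})
    derived = derive_role("Z_REF_MAINT", position)
    return derived, effective_roles({"Z_BASIC_USER"}, position, [derived])

if __name__ == "__main__":
    derived, roles = sample()
    print(derived["org_levels"])
    for role, source in roles.items():
        print(f"{role:28} {source}")
```

In this model, a role assigned to a higher-level force element reaches every user below it, so a review of a broad role starts at the object it is attached to rather than at the individual user.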

 

 

 
