User Configuration Tab

Use

Here you can define and monitor the rights of the users and user groups that can access the cloud services. Predefined roles are assigned to the individual services. Roles are assigned to the individual user groups using an application in the Digital Manufacturing Cloud. For locally defined users, you can assign the roles here yourself.

Maintain User Groups

The maintenance of user groups, the assignment of PCo roles, and the assignment of user groups to SAP Digital Manufacturing Cloud users is carried out centrally using applications in the Digital Manufacturing Cloud. For more information about maintaining user groups in the DMC, see the Machine Model documentation under https://help.sap.com/viewer/76070b83a9954174b76a3411ad31f034/latest/en-US/ffc87516de484cecb2daa918bab5c605.html.

When you are configuring the user groups in the SAP Digital Manufacturing Cloud, you can control whether you want to perform the authorization checks for all PCo installations connected to the Digital Manufacturing Cloud in the same way, or whether you want to perform this check more specifically for individual installations or users.

A special default user group is provided for the execution of background tasks. This user group is always used for the authorization check if the service call takes place without user information and user group information. (See also: Process Flow for the Authorization Check.)

To enable the distribution of user groups from the Digital Manufacturing Cloud, you must maintain at least one local user with the Administrator role in each PCo installation. This user runs the cloud services that are used to create and change the user groups.

The master data of user groups, which were created using Cloud services, is protected from changes made in the Management Console. In exceptional cases, you can remove the write protection by choosing Unlock User Group and then make the necessary changes.

Maintain Local Users

If you have already worked with the Digital Manufacturing Cloud and there are, therefore, already local users, the users maintained locally in PCo until now are still included with priority in the authorization checks when cloud services are called.

To create a new user, choose the Add User pushbutton below the list of users. The system proposes a name and an ID for the new user. You can change this proposed data on the right side of the screen.

Each user must have a unique name and a unique user ID. The user ID can be identical to the user ID of the Windows user. Select the roles that you want to assign to each user.

User Roles in PCo

You can assign the roles to the local users. Roles are assigned to the individual user groups using an application in the Digital Manufacturing Cloud.

Role Descriptions
Role	Description
Administrator	This role is for the administration of users and authorizations. The administrator can also trigger the generation and recovery of data backups of the configuration via the Digital Manufacturing Cloud. Recommendation SAP recommends that users with this role shouldn’t be assigned any additional business roles. Users with the Administrator role can only be created locally in PCo.
CertificateAdministrator	A user or user group with this role is allowed to manage certificates. In particular, he or she can establish the trust relationship with communication partners.
PCoConfigurator	A user or a user group with this role can create and change PCo configuration elements, in particular service providers and their dependent configuration elements such as source and destination systems.
ServiceExecutor	This role is required to execute machine methods of the Machine Model.
DataReader	This role is required to read data from a source system using a query.
DataStorer	A user or a user group with this role can use a store query to write data back to a source system.
FileProcessor	A user or a user group with this role can read and write files. This allows files to be written via the Digital Manufacturing Cloud for handover to a print server to a folder that you have configured for this purpose. For more information about setting up the print function in the DMC, see https://help.sap.com/viewer/97c9e9b9fac74be2a023638cd1700b46/latest/en-US/800486f1fd8e4d97bd062c4694c30772.html.
Operator	A user or a user group with this role can start and stop service providers and query the runtime status of service providers (agent instances).
BackupCreator	A user or user group with this role can trigger the generation of data backups of the configuration in the Digital Manufacturing Cloud.