Defining Authorizations for External Service Consumption
Process Steps (on Customer’s Side):
Using the profile generator (transaction PFCG), the authorization administrators on the customer’s side create or extend roles based on the delivered SAP role templates.
Authorization administrators configure the roles based on the provided template and assign users to the roles.
The role templates specify the authorizations for content that can be accessed by users of the specific SAP Fiori app within the customer’s namespace.
For detailed information, take a look at: Roles in the SAP Gateway Landscape