Using ABAP-Centered Role Assignment

You want to manage user to role assignments as much as possible with SU01 or other ABAP user management tools of the SAP NetWeaver Application Server (SAP NetWeaver AS) for ABAP.

Prerequisites

You have created ABAP authorization and portal roles using one of the following methods:
- Using ABAP-Centered Role Administration
- Using Portal-Centered Role Administration

Context

With this method there is no direct relationship between the portal role and the required ABAP authorizations. You must keep track of what ABAP authorizations are required for which roles.

Note

You can also use this method to assign user management engine (UME) roles to users.

The following figure illustrates ABAP-based role assignment in a complex system landscape. The figure shows how the user assigns the user KWAN to portal role ABC and to the ABAP roles required by the portal role in the FI, CRM, and BI systems. The BI system is not a part of the CUA system landscape.

Procedure

Create a matching ABAP single role for every portal role.

These ABAP roles merely need to exist. They do not need a menu and contain no authorizations. In the portal, the ABAP single roles appear as UME user groups.
In the portal, assign the groups associated with the ABAP roles you created in the previous step to the corresponding portal roles.

This is a 1:1 relationship.
In the CUA central system (or in the individual ABAP-based system if you have no CUA), assign the users to the ABAP roles that correspond to portal roles you want the users to have.

Because the portal role is assigned to the UME group representing the ABAP role, you have indirectly assigned the portal role to your user.
Assign the users any additional ABAP authorization roles the users require in the respective ABAP systems for the portal role.

Results

The user has been assigned the portal role and the ABAP roles required by the portal for any ABAP back-end systems.