You want to manage user to role assignments as much as possible with SU01 or other ABAP user management tools of the SAP NetWeaver Application Server (SAP NetWeaver AS) for ABAP.
With this method there is no direct relationship between the portal role and the required ABAP authorizations. You must keep track of what ABAP authorizations are required for which roles.
You can also use this method to assign user management engine (UME) roles to users.
The following figure illustrates ABAP-based role assignment in a complex system landscape. The figure shows how the user assigns the user KWAN to portal role ABC and to the ABAP roles required by the portal role in the FI, CRM, and BI systems. The BI system is not a part of the CUA system landscape.
The user has been assigned the portal role and the ABAP roles required by the portal for any ABAP back-end systems.