Show TOC

Configuring the Role of the Resource Owner for OAuth 2.0Locate this document in the navigation structure


To configure a role for a resource owner and OAuth 2.0 clients with their related scopes, proceed as follows:


  1. Start the role maintenance with the transaction PFCG.
  2. Choose the role you want to assign to the resource owner's user.
  3. Choose the Authorizations tab.
  4. Choose Change Authorization Data. This opens the screen where you can add or remove authorization objects.
  5. Choose . F6
  6. Choose the Manual pushbutton.
  7. Enter or choose the S_SCOPE authorization object.
  8. Expand the S_SCOPE authorization object. You see the following fields:
    • OAuth 2.0 Client ID

    • OAuth 2.0 Client ID

  9. Choose Change in front of the OAuth 2.0 Client ID field and enter the client you want to enable to access the scope (in the same authorization object).
  10. Enter a full OAuth 2.0 client ID for one client only. You can optionally enter * for all clients or, for example OA2* for all clients starting with OA2.
  11. Save your entries.
  12. Choose Change in front of the OAuth 2.0 Scope field.
  13. Enter the scope that is supposed to be accessed by the OAuth 2.0 client specified above. Enter * for all scopes, list scopes, specify ranges or enter, for example SC* for all scopes starting with SC.
  14. Save your entries.
  15. Save the authorizations and generate the role using Generate.


Now the resource owner role for OAuth 2.0 is completed. You have determined OAuth 2.0 clients and their respective scopes.