After you have installed the SAP NetWeaver Gateway components you require, you need to set up an administrator role for SAP NetWeaver Gateway components and assign users to it. Then you set up one or several user roles and assign users to it as well. As you cannot change existing SAP roles, you create your own roles or copy existing roles to your new custom roles.
The SAP system includes templates as opposed to actual users, so you must use the available role templates to create the users you require in the SAP NetWeaver Gateway system. If the users you require exist in your SAP Business Suite backend system, you can replicate these users in the SAP NetWeaver Gateway system by connecting the SAP NetWeaver Gateway system to Central User Administration or to SAP Identity Management and synchronize the users in this way. If this is not possible, you must create the users manually.
SAP NetWeaver Gateway provides predefined roles as templates for:
Developers
Administrators
End users of the different content scenarios
These templates follow the naming convention /IWCNT/RT_USER_<application name>.
Support colleagues
These templates provide display authorizations only and are intended to be used by support colleagues who need to view applications logs.
Use the predefined templates to create administrator, developer, user, and support roles for SAP NetWeaver Gateway components. The template names begin with a namespace ID that corresponds to the software components you use.
Create a developer role based on the available templates for all users that are to carry out development tasks such as creating services. Use the developer role /IWBEP/RT_MGW_DSP for accessing a remote system from the Service Builder (transaction SEGW) at design time.
The following templates are available for developers:
Template Type | Template Name | Template for |
---|---|---|
Framework | /IWFND/RT_BOR_DEV | SAP NetWeaver Gateway BOR Developer |
Framework | /IWFND/RT_DEVELOPER | SAP NetWeaver Gateway Developer |
OData Channel | /IWBEP/RT_MGW_DEV | OData Channel Developer |
Screen Scraping | /IWSCS/RT_SCR_DEV | SAP NetWeaver Gateway Screen Scraping Developer For more information, see Assigning Authorization to Transaction and Search Help |
Create a role for an administrator user with permissions and privileges for several tasks, including the following:
Create services.
Analyze logs and identify potential issues with the SAP NetWeaver Gateway landscape.
Install, configure, and maintain SAP NetWeaver Gateway components and applications that run on SAP NetWeaver Gateway.
Configure and maintain users’ data including roles and user mapping.
In the SAP Reference Implementation Guide (IMG) (transaction SPRO), navigate to
and click on the Activity icon. The Role Maintenance page displays.To check that the role was properly created and assigned, log onto the SAP NetWeaver Gateway system as the user you just assigned. You should be able to access transaction SPRO and find the SAP NetWeaver Gateway Implementation Guide there. You can now log onto the SAP NetWeaver Gateway host as the administrator user you have just created to configure SAP NetWeaver Gateway components and content, and to install consumer applications.
For more information about SAP user administrator types, see Setting Up User and Authorization Administrators.
The following templates are available for administrators:
Template Type | Template Name | Template for |
---|---|---|
Framework | /IWFND/RT_ADMIN | SAP NetWeaver Gateway Framework Administrator |
Content Scenario | /IWCNT/RT_ADMIN_REP | SAP NetWeaver Gateway Reporting Management Administrator. See Settings for Reporting Management for details on authorizations required. |
OData Channel | /IWBEP/RT_MGW_ADM | OData Channel Administrator |
Business Enablement Provisioning (IW_BEP component) | /IWBEP/RT_BEP_ADM | Business Enablement Provisioning Administrator |
Workflow | /IWWRK/RT_WF_ADM | SAP NetWeaver Gateway Workflow Administrator |
Create a role for a user with permissions and privileges for user-specific tasks. Depending on your application, you can either specify different authorizations for different user roles or have all authorizations bundled together in one user role.
Note
You must be a SAP NetWeaver Gateway administrator or have a SAP user administrator to create user roles.
In the SAP Reference Implementation Guide (IMG) (transaction SPRO), navigate to
and click on the Activity icon. The Role Maintenance page displays. Proceed as described below.Once you have assigned users to the relevant roles, you can log on as one of these users and work as them.
If you use Web service based scenarios, copy the SAP_BC_WEBSERVICE_CONSUMER role to a customer role for end users. Then assign this customer role to your end users. To do this, proceed as follows:
Click on the Activity icon of the IMG activity Define Role for SAP NetWeaver Gateway User mentioned above.
The Role Maintenance page displays.
In the Role field, enter your customer role for Web services and choose Change.
On the User tab enter the names of the users to whom you want assign this role and save your settings.
Choose User Comparison.
Choose Complete Comparison.
Save your settings.
To check that you have successfully assigned roles to users, take some of the users assigned to the different roles and make sure that you can log on successfully. If these steps have not been performed successfully, an HTTP request of an authenticated user returns an HTTP 500 error.
The following templates are available for end users:
Template Type | Template Name | Template for |
---|---|---|
Framework | /IWFND/RT_GW_USER | SAP NetWeaver Gateway User |
Framework | /IWFND/RT_TU_NOTIF | SAP NetWeaver Gateway Technical User for Notifications |
Content Scenario | /IWCNT/RT_USER_LEMA | SAP NetWeaver Gateway Leave Management User. See Settings for Leave Management Application for details on authorizations required. |
Content Scenario | /IWCNT/RT_USER_REP | SAP NetWeaver Gateway Reporting Management User See Settings for Reporting Management for details on authorizations required. |
Content Scenario | /IWCNT/RT_USER_SS | SAP NetWeaver Gateway Sample Services User |
Content Scenario | /IWCNT/RT_USER_TRVL | SAP NetWeaver Gateway Travel User |
Content Scenario | /IWCNT/RT_USER_TIMA | SAP NetWeaver Gateway Time Management User. See Settings for Time Management Application for details on authorizations required. |
Content Scenario | /IWCNT/RT_USER_WF | SAP NetWeaver Gateway Workflow User |
Content Scenario | /IWCNT/RT_USER_ACT | SAP NetWeaver Gateway Activity Management User See Settings for Customer Relationship Management on SAP NetWeaver Gateway for details on authorizations required. |
Content Scenario | /IWCNT/RT_USER_ACCNT | SAP NetWeaver Gateway User for Account Management See Settings for Customer Relationship Management on SAP NetWeaver Gateway for details on authorizations required. |
Content Scenario | /IWCNT/RT_USER_CONT | SAP NetWeaver Gateway User for Contact Management See Settings for Customer Relationship Management on SAP NetWeaver Gateway for details on authorizations required. |
OData Channel | /IWBEP/RT_MGW_USR | OData Channel User |
OData Channel | /IWHDB/RT_USER | OData Channel HANA Integration User |
OData Channel | /IWBEP/RT_SUB_USR | On-behalf Subscription User |
Business Enablement Provisioning (IW_BEP component) | /IWBEP/RT_BEP_USR | Business Enablement Provisioning User |
Workflow | /IWWRK/RT_WF_GW_USR | SAP NetWeaver Gateway Workflow User |
Workflow | /IWWRK/RT_WF_SUB_USR | On-Behalf Subscription for SAP NetWeaver Gateway Workflow Services |
Screen Scraping | /IWSCS/RT_SCR_USR | SAP NetWeaver Gateway Screen Scraping User For more information, see Assigning Authorization to Transaction and Search Help |
The following templates are available for support users (display authorization only). The support templates are available in the SAP NetWeaver Gateway hub system and the SAP Business Suite backend systems respectively. These templates contain read-only authorizations to access SLG1, the application log viewer and the corresponding log objects and sub-objects.
Template Type | Template Name | Template for |
---|---|---|
Support | /IWFND/GW_SUPPORT_RO | Read-only supportability role for SAP NetWeaver Gateway system |
Support | /IWBEP/GW_SUPPORT_RO | Read-only supportability role for SAP Business Suite backend system |