First, you need to set up an administrator role for SAP Gateway and assign users to this role. You can then set up one or more user roles and assign users. While you cannot change existing SAP roles, you can create your own roles or copy existing roles to your new custom roles.
Use the standard SAP role templates to create the users you require in the SAP Gateway system. If the users you require already exist in your SAP Business Suite backend system, you can replicate these users in the SAP Gateway system by connecting the SAP Gateway system to Central User Administration or to SAP Identity Management and synchronize the users. If synchronization is not possible, you must create the users manually in the SAP Gateway system.
SAP Gateway provides predefined roles as templates for:
Developers
Administrators
End users
Templates follow the naming convention /IW<component>/RT_USER_<application name>
Support colleagues
Templates provide display authorization only and are intended to be used soley by support colleagues who need to view applications logs.
Use the predefined templates to create administrator, developer, and support colleagues for SAP Gateway. The template names begin with a namespace ID that corresponds to the software components you use.
Create a developer role based on the available templates for all users that are to carry out development tasks such as creating services. Use the developer role /IWBEP/RT_MGW_DSP for accessing a remote system from the Service Builder (transaction SEGW) at design time.
The following templates are available for developers:
Template Type |
Template Name |
Template for |
---|---|---|
Framework |
/IWFND/RT_BOR_DEV |
SAP Gateway BOR Developer |
Framework |
/IWFND/RT_DEVELOPER |
SAP Gateway Developer |
OData Channel |
/IWBEP/RT_MGW_DEV |
OData Channel Developer |
Create a role for an administrator user with permissions and privileges for several tasks, including the following:
Create services.
Analyze logs and identify potential issues with the SAP Gateway landscape.
Install, configure, and maintain SAP Gateway components and applications that run on SAP Gateway.
Configure and maintain users' data, including roles and user mapping.
In the SAP Reference Implementation Guide (IMG) (transaction SPRO), navigate to and click on the Activity icon. The Role Maintenance page displays. Proceed as described below.
To check that the role was properly created and assigned, log onto SAP Gateway as the user you just assigned. You should be able to access transaction SPRO and find the SAP Gateway Implementation Guide there. You can now log onto the SAP Gateway host as the administrator user you have just created to configure SAP Gateway components and content, and to install consumer applications.
For more information about SAP user administrator types, see Setting Up User and Authorization Administrators.
The following templates are available for administrators:
Template Type |
Template Name |
Template for |
---|---|---|
Framework |
/IWFND/RT_ADMIN |
SAP Gateway Framework Administrator |
OData Channel |
/IWBEP/RT_MGW_ADM |
OData Channel Administrator |
Business Enablement Provisioning |
IWBEP/RT_BEP_ADM |
Business Enablement Provisioning Administrator |
Workflow |
/IWWRK/RT_WF_ADM |
SAP Gateway Workflow Administrator |
Create a role for a user with permissions and privileges for user-specific tasks. Depending on your application, you can define different authorizations for different user roles or bundle all authorizations together in one user role.
To create user roles, you must be an SAP Gateway administrator or have an SAP user administrator.
In the SAP Reference Implementation Guide (IMG) (transaction SPRO), navigate to and click on the Activity icon. The Role Maintenance page displays. Proceed as described below.
After you have assigned users to the relevant roles, you can use one of these users and to log on and start working.
If you use Web service based scenarios, copy the SAP_BC_WEBSERVICE_CONSUMER role to a customer role for end users. Then assign this customer role to your end users. To do this, proceed as follows:
To check that you have successfully assigned roles to users, take some of the users assigned to the different roles and make sure that you can log on successfully. If these steps have not been performed successfully, an HTTP request of an authenticated user returns an HTTP 500 error.
The following templates are available for end users:
Template Type |
Template Name |
Template for |
---|---|---|
Framework |
/IWFND/RT_GW_USER |
SAP Gateway User |
Framework |
/IWFND/RT_TU_NOTIF |
SAP Gateway Technical User for Notifications |
OData Channel |
/IWBEP/RT_MGW_USR |
OData Channel User |
OData Channel |
/IWHDB/RT_USER | OData Channel HANA Integration User |
OData Channel |
/IWBEP/RT_SUB_USR | On-behalf Subscription User |
Business Enablement Provisioning |
/IWBEP/RT_BEP_USR |
Business Enablement Provisioning User |
Workflow |
/IWWRK/RT_WF_GW_USR |
SAP Gateway Workflow User |
Workflow |
/IWWRK/RT_WF_SUB_USR | On-Behalf Subscription for SAP Gateway Workflow Services |
The following templates are available for support users (display authorization only). The support templates are available in the SAP Gateway hub system and the SAP Business Suite backend systems respectively. These templates contain read-only authorizations to access SLG1, the application log viewer and the corresponding log objects and sub-objects.
The following templates are available for developers:
Template Type |
Template Name |
Template for |
---|---|---|
Support |
/IWFND/GW_SUPPORT_RO |
Read-only supportability role for SAP Gateway system |
Support |
/IWBEP/GW_SUPPORT_RO |
Read-only supportability role for SAP Business Suite backend system |
Creating and Assigning Roles