Show TOC

User, Developer, and Administrator RolesLocate this document in the navigation structure

Use

First, you need to set up an administrator role for SAP Gateway and assign users to this role. You can then set up one or more user roles and assign users. While you cannot change existing SAP roles, you can create your own roles or copy existing roles to your new custom roles.

Use the standard SAP role templates to create the users you require in the SAP Gateway system. If the users you require already exist in your SAP Business Suite backend system, you can replicate these users in the SAP Gateway system by connecting the SAP Gateway system to Central User Administration or to SAP Identity Management and synchronize the users. If synchronization is not possible, you must create the users manually in the SAP Gateway system.

SAP Gateway provides predefined roles as templates for:

  • Developers

  • Administrators

  • End users

    Templates follow the naming convention /IW<component>/RT_USER_<application name>

  • Support colleagues

    Templates provide display authorization only and are intended to be used soley by support colleagues who need to view applications logs.

   

Use the predefined templates to create administrator, developer, and support colleagues for SAP Gateway. The template names begin with a namespace ID that corresponds to the software components you use.

SAP Gateway Developer Role

Create a developer role based on the available templates for all users that are to carry out development tasks such as creating services. Use the developer role /IWBEP/RT_MGW_DSP for accessing a remote system from the Service Builder (transaction SEGW) at design time.

The following templates are available for developers:

Template Type

Template Name

Template for

Framework

/IWFND/RT_BOR_DEV

SAP Gateway BOR Developer

Framework

/IWFND/RT_DEVELOPER

SAP Gateway Developer

OData Channel

/IWBEP/RT_MGW_DEV

OData Channel Developer
SAP Gateway Administrator Role

Create a role for an administrator user with permissions and privileges for several tasks, including the following:

  • Create services.

  • Analyze logs and identify potential issues with the SAP Gateway landscape.

  • Install, configure, and maintain SAP Gateway components and applications that run on SAP Gateway.

  • Configure and maintain users' data, including roles and user mapping.

In the SAP Reference Implementation Guide (IMG) (transaction SPRO), navigate to Start of the navigation path SAP NetWeaver Next navigation step SAP Gateway Next navigation step OData Channel Next navigation step Configuration Next navigation step User Settings Next navigation step Define Role for SAP Gateway Administrator End of the navigation path and click on the Activity icon. The Role Maintenance page displays. Proceed as described below.

To check that the role was properly created and assigned, log onto SAP Gateway as the user you just assigned. You should be able to access transaction SPRO and find the SAP Gateway Implementation Guide there. You can now log onto the SAP Gateway host as the administrator user you have just created to configure SAP Gateway components and content, and to install consumer applications.

For more information about SAP user administrator types, see Setting Up User and Authorization Administrators.

The following templates are available for administrators:

Template Type

Template Name

Template for

Framework

/IWFND/RT_ADMIN

SAP Gateway Framework Administrator

OData Channel

/IWBEP/RT_MGW_ADM

OData Channel Administrator

Business Enablement Provisioning

IWBEP/RT_BEP_ADM

Business Enablement Provisioning Administrator

Workflow

/IWWRK/RT_WF_ADM

SAP Gateway Workflow Administrator
SAP Gateway User Role

Create a role for a user with permissions and privileges for user-specific tasks. Depending on your application, you can define different authorizations for different user roles or bundle all authorizations together in one user role.

Note

To create user roles, you must be an SAP Gateway administrator or have an SAP user administrator.

In the SAP Reference Implementation Guide (IMG) (transaction SPRO), navigate to Start of the navigation path SAP NetWeaver Next navigation step SAP Gateway Next navigation step OData Channel Next navigation step Configuration Next navigation step User Settings Next navigation step Define Role for SAP Gateway User End of the navigation path and click on the Activity icon. The Role Maintenance page displays. Proceed as described below.

After you have assigned users to the relevant roles, you can use one of these users and to log on and start working.

If you use Web service based scenarios, copy the SAP_BC_WEBSERVICE_CONSUMER role to a customer role for end users. Then assign this customer role to your end users. To do this, proceed as follows:

  1. Click on the Activity icon of the IMG activity Define Role for SAP Gateway User mentioned above. The Role Maintenance page displays.
  2. In the Role field, enter your customer role for Web services and choose Change.
  3. On the User tab enter the names of the users to whom you want assign this role and save your settings.
  4. Choose User Comparison.
  5. Choose Complete Comparison.
  6. Save your settings.

To check that you have successfully assigned roles to users, take some of the users assigned to the different roles and make sure that you can log on successfully. If these steps have not been performed successfully, an HTTP request of an authenticated user returns an HTTP 500 error.

The following templates are available for end users:

Template Type

Template Name

Template for

Framework

/IWFND/RT_GW_USER

SAP Gateway User

Framework

/IWFND/RT_TU_NOTIF

SAP Gateway Technical User for Notifications

OData Channel

/IWBEP/RT_MGW_USR

OData Channel User

OData Channel

 /IWHDB/RT_USER OData Channel HANA Integration User

OData Channel

 /IWBEP/RT_SUB_USR On-behalf Subscription User

Business Enablement Provisioning

/IWBEP/RT_BEP_USR

Business Enablement Provisioning User

Workflow

/IWWRK/RT_WF_GW_USR

SAP Gateway Workflow User

Workflow

 /IWWRK/RT_WF_SUB_USR On-Behalf Subscription for SAP Gateway Workflow Services
SAP NetWeaver Support User Role

The following templates are available for support users (display authorization only). The support templates are available in the SAP Gateway hub system and the SAP Business Suite backend systems respectively. These templates contain read-only authorizations to access SLG1, the application log viewer and the corresponding log objects and sub-objects.

The following templates are available for developers:

Template Type

Template Name

Template for

Support

/IWFND/GW_SUPPORT_RO

Read-only supportability role for SAP Gateway system

Support

/IWBEP/GW_SUPPORT_RO

Read-only supportability role for SAP Business Suite backend system
More Information