Authorization Concept for Automatic Roles 

Use

The automatic roles provided by SAP do not contain any authorizations. These roles are used chiefly to ensure that a suitable menu structure appears in the portal. In the backend system, a check is made whether a user can actually execute a transaction. Therefore, in addition to assigning minimum authorizations at the portal level, you must also ensure that the user has sufficient authorizations in the backend system.

You differentiate between the following cases:

●      An authorization concept does not yet exist. The authorization concept in the backend system is structured to suit the automatic roles.

In this case, there are no existing structures that you have to take into account. You design the automatic roles to suit your own requirements. You can also use the automatic roles in the backend system to generate authorization profiles. For more information, see Generating Authorization Profiles.

●      An authorization concept already exists or is structured without taking possible portal use into consideration.

In this case, you use the automatic roles only to provide suitable menu structures in the portal. When formatting the menu structure, you must ensure that you assign only those transactions that correspond to the authorizations specified in the backend system.

If you created your existing authorization concept with the transaction PFCG on the basis of roles, and you already assigned menu structures to these roles, it can be simpler in some cases to adjust these existing roles for use as automatic roles. All you need to do then is ensure that the menu structures satisfy the requirements of the Upload tool.