Show TOC Entering content frame

Object documentation Role Assigner Permission Locate the document in its SAP Library structure

Definition

To be able to assign a portal role to a user or group, you must have role assigner permission on the role that you wish to assign. Role assigner permissions can only be assigned on portal roles and not on UME roles. It can be assigned to users, groups, portal roles, and UME roles.

See also Structure linkPermission Levels and Structure linkPortal Permissions.

Use

You can use the role assigner permission to implement delegated user administration where each user administrator can assign a specific subset of roles. This delegation reduces the number of user administrators that have full authorizations in the portal. 

Restrictions

·        You cannot assign role assigner permission on UME roles, so you cannot use the role assigner permission to control which users can assign UME roles to other users or groups. Instead, you can use the UME action UME.Manage_Roles. Any user assigned to a role that has the UME.Manage_Roles action can assign all UME roles to users or groups. Users not assigned to a role that has the UME.Manage_Roles action cannot assign any UME roles.

Caution

You should never assign the UME.Manage_Roles action to delegated user administrators, otherwise they can assign themselves the Administrator role and gain full administration rights on the J2EE Engine

·        The role assigner permission is only checked in the role assignment function of the portal. This permission is not checked in the standalone UME Web tool.

Integration

Any role that has the UME.Manage_All action automatically has role assigner permission on all roles. This permission cannot be removed in the Role Editor. In the portal, both the Super Administrator and User Administrator roles contain the UME.Manage_All action. All users assigned to these roles can assign all roles to users and groups in the role assignment function.

Delegated user administrators can only assign a role if they explicitly have role assigner permission for that role object. They do not need to have any administrator or end user permissions on the role object.

You set the role assigner permission on a role in the Permission Editor in the portal. For more information, see Structure linkUsing the Permission Editor.

Leaving content frame