Role Assigner Permission
Definition
To assign a portal role to a user or group, you must have role assigner permission for the role that you want to assign. You can only have Role assigner permissions for portal roles and not UME roles. It can be assigned to users, groups, portal roles, and UME roles.
See also Permission Levels and Portal Permissions.
Use
Use the role assigner permission to implement delegated user administration where each user administrator can assign a specific subset of roles. This delegation reduces the number of user administrators that have full authorizations in the portal.
Restrictions
You cannot assign role assigner permission to UME roles, so you cannot use the role assigner permission to control which users can assign UME roles to other users or groups. Instead, you can use the UME action UME.Manage_Roles. Any user assigned to a role that has the UME.Manage_Roles action can assign all UME roles to users or groups. Users not assigned to a role that has the UME.Manage_Roles action cannot assign any UME roles.
You should never assign the UME.Manage_Roles action to delegated user administrators, otherwise they can assign themselves the Administrator role and gain full administration rights on the SAP NetWeaver Application Server (AS) Java.
Integration
Any role that has the UME.Manage_All action automatically has role assigner permission on all roles. This permission cannot be removed in the Role Editor. In the portal, both the Super Administrator and User Administrator roles contain the UME.Manage_All action. All users assigned to these roles can assign all roles to users and groups in the role assignment function.
Delegated user administrators can only assign a role if they explicitly have role assigner permission for that role object. They do not need to have any administrator or end user permissions on the role object.
You set the role assigner permission on a role in the Permission Editor in the portal. For more information, see Using the Permission Editor.