Entering content frame

Procedure documentation Creating Portal Roles Locate the document in its SAP Library structure

Use

You need to assign portal roles to your users, so that they can access the content of the SAP Enterprise Portal that is relevant to them. This procedure describes how you create portal roles.

The figure below illustrates the process of role creation:

This graphic is explained in the accompanying text

The portal roles are transferred to the ABAP development system and postprocessed with transaction WP3R. These roles are then transported to the ABAP test system. After a successful test, the roles are transported from the development system to the production child system of the CUA. This child system forwards the role names to the CUA central system using a text comparison.

Procedure

...

       1.      Create portal roles in the Enterprise Portal using on the following options:

¡        Download the roles and worksets published by iView Studio (see www.iviewstudio.com).

¡        Create roles and worksets yourself (see Structure linkCreating and Changing Roles and Worksetsand Structure linkRoles and Worksets).

Manual double maintenance: Part of the roles is maintained as ABAP roles in the ABAP system and part of the roles as portal roles in the portal. This is useful, for example, if you already have a CUA that is functioning well and a sophisticated authorization system to which an Enterprise Portal is to be added.

¡        Import the ABAP roles from the ABAP systems (as of EP 6 SP 4, by Structure linkUploading Roles from ABAP-Based Systems).

When you do so:

§         The existing ABAP roles (single and composite roles) are automatically converted into portal roles or worksets

§         MiniApps are converted into non-Java iViews

§         Transactions, BW queries, Crystal Reports, URLs, and so on are converted to iViews

§         Optionally, user-role assignments are generated (if the user names are identical and portal roles have been generated)

In this way, you obtain a functioning portal application and can use the ABAP authorizations that were defined on the basis of the ABAP roles that originally existed.

However, you need to manually generate the pages with generated iViews and derived ABAP roles are not migrated. The portal content is also less attractive, for example, due to generated entry points.

       2.      Distribute the portal roles from the Enterprise Portal to the ABAP development systems (see Structure linkRole and User Distribution to the SAP System).

A regular synchronization is planned later, so that all changes to the portal role are transferred to the ABAP role.

You can also distribute the role assignment can also in this way. The assignment of the user to an ABAP role is generated from the assignment of the user to a portal role or to a UME group.

Caution: The WP3R is not provided with data during the role upload.

Single roles in ABAP systems based on portal roles:

¡        A dedicated iView allows the transfer of a portal role into a (logical) ABAP system. This is not normally the same ABAP system in which the ABAP role is later used productively.

       3.      All iViews of the portal role that relate to a specific ABAP system are converted into a single role.

¡        Delta links ensure that only the iViews that a user can see are transferred.

¡        In the ABAP system, all iViews are displayed as transactions or services in a list in the menu.

The administrators of the ABAP system add the single role authorization data and create derived roles, if necessary, based on the generated single roles, which contain specific authorization data.

       4.      The ABAP roles are then transported from the development system into the production ABAP system.

Note

If you change or add portal roles, you must replicate these in the ABAP systems again.

 

 

 

Leaving content frame