Entering content frame

Function documentation User Roles Locate the document in its SAP Library structure

Use

User roles enable you to grant authorizations for particular Actions (for example, creating or changing) for a defined Set of Objects.

Integration

To use the user roles that you define in the Integration Builder, you must assign them to User Management users or to user groups in the SAP Web AS.

Prerequisites

You have created a new user role or have opened an existing one.

·        To create a new user role, in the Integration Builder main menu bar, choose Tools  ® User Roles  ® New (This graphic is explained in the accompanying text).

·        To open an existing user role, in the Integration Builder main menu bar, choose Tools  ® User Roles  ® Open (This graphic is explained in the accompanying text).

Features

In the Display/Edit User Role editor, you define the user roles in the form of a table. To do so, enter one set of objects for each line (by using Selection Paths and Object Type) and the appropriate authorization (by using Actions).

Defining a Set of Objects

In the parent columns Selection Paths and Objects, define the set of objects that the authorization is to be restricted to. You have different options for defining sets of objects, depending on whether you are working in the Integration Directory or Integration Repository.

Defining Sets of Objects in the Integration Repository and Integration Directory

Parent Column

Integration Repository

Integration Directory

Selection Paths

Restricts the set of objects to objects from particular software component versions and namespaces.

Tab page Party:

Restricts the set of objects to parties, party-service pairs, or services (without party).

If you only select one party, only the services of this particular party are displayed in the input help. If you specify any party, input help for services is deactivated (a service is assigned to exactly one party or is classified as a Service Without Party).

Tab page Objects:

No selection path can be selected

Objects

Restricts set of objects to particular Types of design objects. You can also select the object type Software Component Version here.

Tab page Party:

Restricts the set of objects to object types of the collaboration profile.

 

Tab page Objects:

Restricts objects to object types of logical routing and collaboration agreement. You can also select the object type configuration scenario here.

In the Operator column, you can define (in the parent column in each case) whether your selection is to be included (Include) or excluded (Exclude) from the authorization for particular actions.

Example

Exclude software component version SAP BASIS 6.40means: all software component versions apart from SAP BASIS 6.40.

Recommendation

It is advisable to use the Exclude operator if you want to restrict the authorization for particular actions to just a set of objects that are likely to remain stable in the future, for example. 

Defining Actions

In the Actions column, you can specify an action or actions that are to be permitted with the authorization.

You can choose a combination of the following actions:

·        Create Objects

·        Change Objects

·        Delete Objects

·        Modify Basis Objects (Integration Repository only)

If you select this action, objects from sub-software component versions can be modified. These are software component versions that are linked by a based-on relationship to the software component versions selected under Selection Paths (see Displaying/Editing a Software Component Version).

Note

Note that you cannot undo an authorization that you have already granted in the user roles editor by adding additional lines.

..

Activating and Deactivating a User Role

For it to take effect, you must hand over your role to the User Management Engine. You do so by activating the user role.

To activate a user role, choose Activate User Role (This graphic is explained in the accompanying text). To undo, choose Deactivate User Role.

 

Further Steps in Standard SAP Web AS User Management

To create users and assign users or user groups to the user roles that you have defined in the Integration Builder, you must perform further steps in SAP Web AS User Management.

The relevant steps are described in the SAP XI Configuration Guide under Users with Data-Dependent Authorizations (see Structure linkConfiguration of Usage Type Process Integration (PI)).

 

Example

In the Integration Repository, you can assign the authorization Change Objects (Action) for all data types and message types (parent column Objects, and Types) in the namespaces http://sap.com/xi/XI/Demo/Agency and http://sap.com/xi/XI/Demo/Airline in the software component version SAP BASIS 6.40.

 

 

 

Leaving content frame