In installations in which the user management engine (UME) uses an ABAP back-end system as a data source for its user data, ABAP roles are integrated as follows:
● ABAP roles appear as groups in identity management
● ABAP role assignments appear as user-to-group assignments in identity management
To integrate the authorizations provided by security roles and UME roles with ABAP roles, you can assign the group in identity management, that corresponds to the ABAP role, to the required security role(s) and UME role(s).
In identity management, you cannot assign users or groups to the groups that correspond to ABAP roles. These groups are read-only in the AS Java, with the exception that you can assign UME roles and security roles to them.
The following figure illustrates the integration of J2EE security roles, UME roles, and ABAP roles.