Show TOC

Assigning RolesLocate this document in the navigation structure

Use

All the functions for the maintenance and follow-up processing of the roles and user assignments copied from the portal are performed using Transaction WP3R (see Working with Transaction WP3R ).

Prerequisites

  • The role data must exist in the role assignment system (see Prerequisites ).

  • To maintain the data copied from the portal to the SAP system you need user administration authorization (see Authorizations ).

Procedure

To assign an authorization role on the SAP system side:

  1. Start transaction WP3R and select the option Assign Authorization Roles To Users on the initial screen.

    A report is started which looks like role maintenance but which contains an additional hierarchy level containing the SAP user name. The SAP user name contains the following entries:

    • Portal roles assigned to the user in the portal

    • Logical systems whose services are accessed by the portal role

    • Derived authorization roles

  2. Each authorization role is preceded by a checkbox that shows whether the user is currently assigned to the authorization role.

    Assign the users to the corresponding authorization roles by activating the checkboxes in front of the authorization roles or by choosing Start of the navigation path Authorization role Next navigation step Assign End of the navigation path.

    You can delete the assignment by clicking the activated checkbox or by choosing Start of the navigation path Authorization role Next navigation step Unassign End of the navigation path.

  3. Save the assignments you have made.

Note

You must assign at least one authorization role for each logical system that is assigned to a portal role. Vice versa, you must remove all authorization roles from the assignment if you unassign a portal role in the portal.

You can assign the roles automatically by choosing Start of the navigation path Utilities Next navigation step Propose Assignment End of the navigation path. The system automatically sets the assignments for all users displayed. This only works if there is only one authorization role for a portal role. You can also schedule automatic assignment as a background job. For more information, see Automatic Role Assignment in the Background .

However, there is very often more than one authorization role for a portal role in the same logical system. This is the case, if you require different versions of a particular authorization in the backend system and therefore you must also generate different authorization roles and the associated authorization profiles. See also Creating Authorization Roles .

In this case, the system cannot automatically assign the authorization role to the user. If more than one authorization role and profile are available for a user, as the administrator you decide which roles in the backend system to assign to the user and which not to assign.

If there is more than one authorization role for a portal role in a logical system, the system issues a warning so that you know that the system has not assigned an authorization role to the user and you must assign one manually.

Note

Time-dependent role assignments are not taken into consideration. The authorization role is always assigned with a validity from the current date until December 31, 9999.