All the functions for the maintenance and follow-up processing of the roles and user assignments copied from the portal are performed using Transaction WP3R (see Working with Transaction WP3R ).
The role data must exist in the role assignment system (see Prerequisites ).
To maintain the data copied from the portal to the SAP system you need user administration authorization (see Authorizations ).
To assign an authorization role on the SAP system side:
Start transaction WP3R and select the option Assign Authorization Roles To Users on the initial screen.
A report is started which looks like role maintenance but which contains an additional hierarchy level containing the SAP user name. The SAP user name contains the following entries:
Portal roles assigned to the user in the portal
Logical systems whose services are accessed by the portal role
Derived authorization roles
Each authorization role is preceded by a checkbox that shows whether the user is currently assigned to the authorization role.
Assign the users to the corresponding authorization roles by activating the checkboxes in front of the authorization roles or by choosing
.You can delete the assignment by clicking the activated checkbox or by choosing
.Save the assignments you have made.
You must assign at least one authorization role for each logical system that is assigned to a portal role. Vice versa, you must remove all authorization roles from the assignment if you unassign a portal role in the portal.
You can assign the roles automatically by choosing one authorization role for a portal role. You can also schedule automatic assignment as a background job. For more information, see Automatic Role Assignment in the Background .
. The system automatically sets the assignments for all users displayed. This only works if there is onlyHowever, there is very often more than one authorization role for a portal role in the same logical system. This is the case, if you require different versions of a particular authorization in the backend system and therefore you must also generate different authorization roles and the associated authorization profiles. See also Creating Authorization Roles .
In this case, the system cannot automatically assign the authorization role to the user. If more than one authorization role and profile are available for a user, as the administrator you decide which roles in the backend system to assign to the user and which not to assign.
If there is more than one authorization role for a portal role in a logical system, the system issues a warning so that you know that the system has not assigned an authorization role to the user and you must assign one manually.
Time-dependent role assignments are not taken into consideration. The authorization role is always assigned with a validity from the current date until December 31, 9999.