You want to manage user to role assignments in the portal as much as possible. You will have some role assignment tasks to perform in the ABAP system. This method can only be used to assign those roles that are required by the portal.
The following figure illustrates the role assignment process with the portal as the leading system. The figure shows how the assignment of user KWAN to portal role ABC is distributed to the CUA central system and the BI system. The systems FI and CRM receive the relevant assignments from the CUA central system.
· Users in the portal have one of the following:
○ Portal users have the same names as those in the back-end systems
○ A user mapping for the portal users exist.
The user mapping cannot be mapped to multiple ABAP users in the various back-end systems of the CUA.
· You have created portal roles and transferred them to the relevant ABAP-based systems. Whether the roles originally come from the portal or from the ABAP-based systems, you must make the portal roles known to the ABAP back-end systems.
When you distribute roles to the ABAP-based system, you must decide if you want to create new authorization roles or overwrite existing authorization roles. If you choose the later, the menu entries are replaced with those from the portal.
For more information, see Using Portal-Centered Role Administration.
· You have assigned users to portal roles or to groups assigned to portal roles.
1. Distribute the user-to-portal role assignments to the CUA central system or the ABAP production systems.
User groups are resolved before the transfer. The generation runs at the level of individual users and not user groups.
For more information, see Transferring User Assignments.
2. In the CUA central system (or in the individual ABAP-based systems, if you do not use a CUA), use transaction WP3R to assign ABAP authorization roles to users.
Select corresponding single roles or derived roles and assign these to the users. If there is a 1:1 relationship between portal and ABAP roles for each system (that is, no derived roles exist), this process can run automatically.
If you change the role assignments, you must distribute these again, one or more times per day.
For more information, see Assigning Authorization Roles.
The user has been assigned the ABAP roles required by the portal role.