Show TOC Start of Content Area

Procedure documentation Using Portal-Centered Role Administration  Locate the document in its SAP Library structure


In portal-centered role administration, you create your roles on the portal. Afterwards you must create the authorizations you need in the back end.


This process is required if you later want to use the portal system to assign roles to users.

Use portal-centered role administration when you want to leverage existing portal roles to create ABAP roles for new systems. You can also use this process when both the portal and ABAP systems are new. Any time you update the portal roles, you must manually redistribute the roles to the affected systems.

The figure below illustrates the role distribution process. The figure shows a three-tiered ABAP system landscape with development, test, and production systems. The portal role ABC is distributed to each of the development systems. In the development system the administrator creates or assigns an ABAP authorization role to the portal role. After testing the authorization role in the test system, the administrator transports the authorization role to the production system.

In a Central User Administration (CUA) system landscape the administrator needs to make the new roles known to the CUA central system by performing a text comparison.

This graphic is explained in the accompanying text



       1.      In the portal system, create portal roles.

Use any of the following options to create the roles:

        Download business packages from the SAPDeveloper Network (SDN) at SAP NetWeaver Portal Portal Content Portfolio.

        Create roles and worksets yourself.

For more information, see Creating and Editing Workcenter Roles and Creating and Editing Freestyle Roles and Worksets.

        Upload content from ABAP back-end systems.

For more information, see Using ABAP-Centered Role Administration.

       2.      Distribute the roles to the relevant development system for each production system you want to access.

For more information, see Role and User Distribution to the SAP System.

       3.      In each development system use transaction WP3R to process the portal roles.

With WP3R, you can do the following:

       Create a new ABAP authorization role for the portal role

       Assign the portal role an existing ABAP authorization role.


Assigning a portal role to an existing ABAP role overwrites any menu information in the ABAP role with menu information from the portal role.

For more information, see Maintenance of Authorization Roles.

       4.      Transport the ABAP roles to the relevant test systems.

If problems occur in the test systems, edit the ABAP roles in the development system and test again until the roles are ready for use in the production environment.

       5.      Transport the ABAP roles to the relevant production system.

       6.      For systems that are part of CUA, perform a text comparison.

This ensures that the roles are know to the CUA central system. You can perform this text comparison in the CUA central system or in the relevant child systems.


You are ready to assign users to distributed roles. Determine if you want to use the ABAP system or the portal system to assign the roles to users.

      For more information about assigning users to roles from the ABAP system, see Using ABAP-Centered Role Assignment.

      For more information about assigning users to roles from the portal, see Using Portal-Centered Role Assignment.

End of Content Area