User roles enable you to grant authorizations for particular Actions (for example, creating or changing) for a defined Set of Objects.
To use the user roles that you define in the Enterprise Services Builder, you must assign them to users or user groups in SAP Web AS User Management (see below).
You have created a new user role or have opened an existing one.
● To create a new user role, in the main menu bar, choose Tools → User Roles → New ().
● To open an existing user role, in the Integration Builder main menu bar, choose Tools → User Roles → Open ().
In the Display/Edit User Role editor, you define the user roles in the form of a table. To do so, enter one set of objects for each line (by using Selection Paths and Object Type) and the appropriate authorization (by using Actions).
Define the object set that you want to restrict the authorization to in the Selection Path and Objects columns.
Defining a Set of Objects
Parent Column |
Description |
Selection Paths |
Restricts the set of objects to objects from particular software component versions and namespaces. |
Objects |
Restricts the set of objects to particular object types. You can also select the object type Software Component Version here. |
In the Operator column, define whether your object selection (made in superordinate column) is to be included (Include) or excluded (Exclude) from the authorization for particular actions.
Exclude software component version SAP BASIS 6.40means: all software component versions apart from SAP BASIS 6.40.
It is advisable to use the Exclude operator if you want to restrict the authorization for particular actions to just a set of objects that are likely to remain stable in the future, for example.
In the Actions column, specify an action or actions that are to be permitted with the authorization.
You can choose a combination of the following actions:
● Create Objects
● Change Objects
● Delete Objects
● Modify Base Objects
If you select this action, objects from sub-software component versions can be modified. These are software component versions that are linked by a based-on relationship to the software component versions selected under Selection Paths.
More information: Editing a Software Component Version
Note that you cannot undo an authorization that you have already granted in the user roles editor by adding additional lines.
..
For it to take effect, you must hand over your role to the User Management Engine. You do so by activating the user role.
To activate a user role, choose Activate User Role (). To undo, choose Deactivate User Role.
To create users and the assignment of users or user groups to the user roles, which you have defined in the Enterprise Services Builder, you need to carry out further steps in AS ABAP User Management.
More information: Creating Users with Data-Dependent Authorizations
In the Enterprise Services Repository, you can assign the authorization Change Objects (Action) for all data types and message types (parent column Objects, and Types) in the namespaces http://sap.com/xi/XI/Demo/Agency and http://sap.com/xi/XI/Demo/Airline in the software component version SAP BASIS 6.40.