Start of Content Area

Procedure documentation Defining User Roles  Locate the document in its SAP Library structure

Use

User roles enable you to grant authorizations for particular Actions (for example, creating or changing) for a defined Set of Objects.

To use the user roles that you define in the Enterprise Services Builder, you must assign them to users or user groups in SAP Web AS User Management (see below).

Prerequisites

You have created a new user role or have opened an existing one.

      To create a new user role, in the main menu bar, choose Tools User Roles New (This graphic is explained in the accompanying text).

      To open an existing user role, in the Integration Builder main menu bar, choose Tools  User Roles  Open (This graphic is explained in the accompanying text).

Procedure

In the Display/Edit User Role editor, you define the user roles in the form of a table. To do so, enter one set of objects for each line (by using Selection Paths and Object Type) and the appropriate authorization (by using Actions).

Define Object Set

Define the object set that you want to restrict the authorization to in the Selection Path and Objects columns.

Defining a Set of Objects

Parent Column

Description

Selection Paths

Restricts the set of objects to objects from particular software component versions and namespaces.

Objects

Restricts the set of objects to particular object types. You can also select the object type Software Component Version here.

In the Operator column, define whether your object selection (made in superordinate column) is to be included (Include) or excluded (Exclude) from the authorization for particular actions.

Example

Exclude software component version SAP BASIS 6.40means: all software component versions apart from SAP BASIS 6.40.

Recommendation

It is advisable to use the Exclude operator if you want to restrict the authorization for particular actions to just a set of objects that are likely to remain stable in the future, for example. 

Define Actions

In the Actions column, specify an action or actions that are to be permitted with the authorization.

You can choose a combination of the following actions:

      Create Objects

      Change Objects

      Delete Objects

      Modify Base Objects

If you select this action, objects from sub-software component versions can be modified. These are software component versions that are linked by a based-on relationship to the software component versions selected under Selection Paths.

More information: Editing a Software Component Version

Note

Note that you cannot undo an authorization that you have already granted in the user roles editor by adding additional lines.

..

Activate User Role

For it to take effect, you must hand over your role to the User Management Engine. You do so by activating the user role.

To activate a user role, choose Activate User Role (This graphic is explained in the accompanying text). To undo, choose Deactivate User Role.

Further Steps in Standard SAP Web AS User Management

To create users and the assignment of users or user groups to the user roles, which you have defined in the Enterprise Services Builder, you need to carry out further steps in AS ABAP User Management.

More information: Creating Users with Data-Dependent Authorizations

Example

In the Enterprise Services Repository, you can assign the authorization Change Objects (Action) for all data types and message types (parent column Objects, and Types) in the namespaces http://sap.com/xi/XI/Demo/Agency and http://sap.com/xi/XI/Demo/Airline in the software component version SAP BASIS 6.40.

 

End of Content Area