Show TOC

Function documentationDefining User Roles Locate this document in the navigation structure

 

User roles enable you to grant authorizations for particular actions (such as changes) for a defined set of objects.

Prerequisites

You have activated the exchange profile parameter com.sap.aii.util.server.auth.activation. For more information on activating authorization checks, see Creating Users with Data-Dependent Authorizations.

Features

Define User Role

  1. In the Integration Builder menu bar, choose   Tools   User Roles   New  .

  2. Specify the name of the user role.

  3. Define the object set that you want to define the authorization for.

    • To define authorizations for objects of logical routing, a collaboration agreement, or a configuration scenario, select the Objects tab page.

      In the Types column, select the object types to which the authorization is to apply.

    • To define authorizations for objects of the collaboration profile, select the Partner tab page.

      In the Selection Paths column, you can first define the party or communication component to which the authorization is to apply.

      To do this, call the input help in the Party or Communication Component column.

      Note Note

      If you only select exactly one party, only the communication components of this particular party are displayed in the input help.

      If you specify Any Parties, the input help for communication components is deactivated (a communication component is assigned to exactly one party or is classified as a communication component without an assignment to a party).

      In the Objects column, you can restrict the authorization to apply just to objects that are assigned to the party or the communication component selected previously.

      End of the note.

  4. In the Operator column, define whether your object selection is to be included (Include) or excluded (Exclude) from the authorization for particular actions.

  5. Specify the permitted actions for the object set.

    To do this, call the input help in the Actions column and select the permitted actions.

    You can choose between the following actions:

    • Read

    • Write

    • Change

    • Full Edit (read, write, and change)

  6. Save and activate the user role.

Activate User Role

For it to take effect, you must hand over your role to the User Management Engine. You do so by activating the user role.

To activate a user role, choose Activate User Role. To undo, choose Deactivate User Role.

Further Steps in Standard SAP Web AS User Management

To create users and the assignment of users or user groups to the user roles, which you have defined in the Integration Builder, you need to carry out further steps in AS ABAP User Management.

For more information, see: Creating Users with Data-Dependent Authorizations