Granting and Revoking System Privileges 
System privileges can be granted to a custom role for all objects system-wide, in a partition or with an isolation group. Custom roles are created in the authentication system, they are created in SAP CPS as soon as a user with that role logs on.
You cannot modify any of the built-in roles:
scheduler-administrator - can perform all actions.
scheduler-event-operator - can raise and clear events.
scheduler-job-administrator - can create/edit/delete event definitions, job definitions, job chains. Can modify jobs.
scheduler-user - has access to SAP CPS only, cannot see any objects.
scheduler-viewer - read only access to all objects.
scheduler-isolation-administrator - can create/edit/delete isolation groups and add users to these.
scheduler-screen-reader - indicates that you are using a screen reader.
Procedure
Granting privileges to a custom role
Navigate to
Security → Roles 
.Choose Edit from the context menu of an editable role. Editable roles have a description: Created automatically on first login.
On the Assign Privileges tab, choose an Object definition and then Next.
Choose the desired range of the privileges.
Choose a Rank with the desired privileges. Admin privileges allow the user to perform the action and to grant the privilege to others as well. Access privileges allow the user to perform the actions.
Revoking privileges from a custom role
Navigate to
Security → Roles .Choose Edit from the context menu of an editable role.Editable roles have a description: Created automatically on first login.
On the Assign Privileges tab, choose an Object definition and then Next.
Choose the desired range of the privileges.
Choose a Rank with the desired privileges. Admin privileges allow the user to perform the action and to grant the privilege to others as well. Access privileges allow the user to perform the actions.