Roles contain the following information:
● Name of the role
● Role description text
● Role menu structure
● Authorization profile data
● Users or organization plan elements to which the role is assigned
● MiniApps
● Personalization data
Functions in the Role Administration Initial Screen
Function | Notes |
Change ( | Change and assign delivered roles or change customer roles |
Display ( | Display single or composite roles |
Create Roles ( | Creating Single Roles Creating Roles contains an overview of the procedure. |
Create Composite Roles ( | Creating Composite Roles |
Add to Favorites ( | The role is included in the tree display. |
Where-Used List ( | For single roles, specifies the composite roles in which the role currently entered in the Role field is used. For composite roles, specifies which single roles are contained in the role currently entered in the Role field. |
Delete ( | If you want the deletion to be transported, place the role objects in a transport request before deleting. To delete the role in a system linked by RFC (like a component system in Workplace), choose Role ® Distribute deletion. |
Copy ( | Predefined roles are delivered as templates. They begin with the prefix "SAP_". Copy a role to a name in the customer namespace. You can also copy the user assignment and personalization objects. |
Transport ( | Transport and distribute roles |
Transactions ( | Where-used list for transactions in roles |
Views ( | Select views to display roles. You can choose from the following views: ● Favorites ● Single roles ● Composite roles ● Roles in composite roles ● Inheritance hierarchy ● Display roles for role owner ● Roles grouped by country ● Roles grouped by industry ● Roles grouped by target system Inheritance hierarchy displays all roles from which other roles have been derived. For more information, see Derive roles. |
Display Documentation ( | Displays the documentation of delivered roles in the bottom right-hand part of the screen. You can link a role with a document in the Knowledge Warehouse by choosing Utilities ® Info Object ® Assign. |
Set Filter ( Undo Filter ( | You can further restrict the role display at the bottom of the screen with Set filter. The Roles in composite role view also displays the composite roles to which a single role with the filter search string is assigned. You can reset filter values with Reset filter. |
) 
) 
) 
) 
) 
) 
) 
) 
) 
) 
) 
) Other Functions in the Role Menu
Function | Notes |
All role data (activity assignments, organizational levels, authorization data, user assignment, and so on) are printed. | |
Download/Upload | To avoid inconsistencies, all roles from which a role is derived are also downloaded. When you download composite roles, all the roles which they contain are also downloaded. When you upload a role, all role data, including authorization data is uploaded from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case. You must therefore regenerate the authorization profiles after the upload. |
Read from another system by RFC | ... 1. On the Mass Import of Roles screen, choose the input help. 2. In the dialog box that appears, specify whether you want to use RFC destinations or a variable. 3. If you use RFC destinations, select the RFC destinations of the systems from which you want to import roles. The Select Roles (no composite roles) dialog box appears. The program imports the selected roles, together with its menu and description, into the current system using an RFC connection. The authorization data is not imported, however. You can also enter the RFC destination as a variable with transaction SM30_SSM_RFC. |
Options under Goto ® Settings:
● Simple maintenance (editing the menu for the Workplace)
Choose this option to set up composite or single roles on the Workplace server.
● Basic maintenance (menus, profiles, other objects)
This option contains all functions for role administration. This is the default setting.
● Complete view (organizational management and workflow)
You can use this option to display and change Workflow tasks for a role on the Workflow tab page. The assignments are only relevant for Workflow, that is, the users directly or indirectly assigned to the role are potential Workflow task performers.
Utilities Menu Functions:
Function | Notes |
Status overview | Displays a list of all or selected roles with user assignment, menu, authorization profile and user master record comparison status information. You can choose the following options to restrict the result list: ● Only Display Roles with Errors and Warnings: This option is activated by default and reduces the result list to roles for which the status checks do not return only green lights. There must therefore be at least one traffic light showing at least yellow for the role to be displayed. To display all entered roles in the result list, deselect this option. ● Check assignment of workflow tasks You can activate and deactivate the check for workflow assignments, depending on whether the function is used in your system. Otherwise, roles with missing workflow assignments but that display green traffic lights for all other properties, would also be displayed. This might not actually be what you want. If you are working with workflow assignments, it is useful to select the option (default setting: inactive) to identify roles with no assignments. Essentially, the option can only be selected if organizational management is active. If you use organization management, the statuses of the Workflow tasks and the indirect user assignments are also displayed.
|
Mass generation | Generates the profiles of several roles (Mass generation of profiles) at the same time |
Mass comparison | User master comparison for several roles (Compare user master records) |
Mass transport | You can select several roles to transport in a dialog box (Transporting and Distributing Roles). |
Mass download | Save several roles on the PC. You can choose on the selection screen whether you: ● Also want to transport the single roles contained in the selected composite roles (Customizing switch ADD_COMPOSITE_ROLES in table SSM_CUST) ● Also want to transport the generated profiles for all single roles (PROFILE_TRANSPORT in table PRGN_CUST) You can define the default setting for both options using the value in the Customizing switch. If you explicitly set a switch to NO, the option in question on the selection screen is not active. Otherwise, it is active. |
Role comparison tool | (Cross-system) role comparison (Compare roles). |
Templates | Templates for roles |
Customizing auth. | Assign projects or views of projects in the implementation guide (IMG) to a role. With this assignment, you can generate targeted authorizations for certain IMG activities and assign users. The authorization required to perform all activities in the assigned IMG projects/project views is generated in profile generation. A dialog window appears where you can make this assignment. Choose Information to display more information on using this option. |
Environment Menu Functions
Function | Notes |
User master | Call user administration (Create and edit user master records). |
Text Comparison for CUA Central System | Send the current list of roles and profiles to the CUA central system. |
Display Changes | Displaying Change Documents (For more information about the user interface of the evaluation report, see the Determining Documents for Roles and Role Assignments section.) |
Installation/upgrade | Call the transaction which initially fills the role administration customer tables or updates them after an upgrade. The role administration customer tables contain a copy of the SAP field value and check indicator default values. (Reducing the Scope of Authorization Checks). |
Check Indicators | Call the transaction for changing check indicators and field values. |
Auth. Objects ® Display/Deactivate | Display authorization objects with documentation / |
Roles with responsibilities
In Release SAP R/3 4.5A and higher, all Roles with responsibilities which were created in SAP R/3 4.0A and 4.0B, are migrated in separate roles. The result of the migration is roles that contain transactions, and a derived role that contains the authorization data and user assignments for each responsibility.
No comments:
Post a Comment