Creating Portal Roles


You need to assign portal roles to your users, so that they can access the content of the SAP NetWeaver Portal that is relevant to them. This procedure describes how you create portal roles.

The figure below illustrates the process of role creation:

The portal roles are transferred to the ABAP development system and post processed with transaction WP3R. These roles are then transported to the ABAP test system. After a successful test, the roles are transported from the development system to the production child system of the CUA. This child system forwards the role names to the CUA central system using a text comparison.



       1.      Create portal roles in the portal using the following options:

Ў        Download business packages from the SAP Developer Network (SDN) at ® SAP NetWeaver ® Portal ® Portal Content Portfolio.

Ў        Create roles and worksets yourself (see Creating and Changing Roles and Worksets and Roles and Worksets).

Manual double maintenance: Part of the roles is maintained as ABAP roles in the ABAP system and part of the roles as portal roles in the portal. This is useful, for example, if you already have a CUA that is functioning well and a sophisticated authorization system to which a portal is to be added.

Ў        Import the ABAP roles from the ABAP systems (by Uploading Roles from ABAP-Based Systems).

When you do so:

§         The existing ABAP roles (single and composite roles) are automatically converted into portal roles or worksets

§         MiniApps are converted into non-Java iViews

§         Transactions, BW queries, Crystal Reports, URLs, and so on are converted to iViews

§         Optionally, user-role assignments are generated (if the user names are identical and portal roles have been generated)

In this way, you obtain a functioning portal application and can use the ABAP authorizations that were defined on the basis of the ABAP roles that originally existed.

However, you need to manually generate the pages with generated iViews and derived ABAP roles are not migrated. The portal content is also less attractive, for example, due to generated entry points.

       2.      Distribute the portal roles from the portal to the ABAP development systems (see Role and User Distribution to the SAP System).

A regular synchronization is planned later, so that all changes to the portal role are transferred to the ABAP role.

You can also distribute the role assignment in this way. The assignment of the user to an ABAP role is generated from the assignment of the user to a portal role or to a UME group.

Caution: The WP3R is not provided with data during the role upload.

Single roles in ABAP systems based on portal roles:

Ў        A dedicated iView allows the transfer of a portal role into a (logical) ABAP system. This is not normally the same ABAP system in which the ABAP role is later used productively.

       3.      All iViews of the portal role that relate to a specific ABAP system are converted into a single role.

Ў        Delta links ensure that only the iViews that a user can see are transferred.

Ў        In the ABAP system, all iViews are displayed as transactions or services in a list in the menu.

The administrators of the ABAP system add the single role authorization data and create derived roles, if necessary, based on the generated single roles, which contain specific authorization data.

       4.      The ABAP roles are then transported from the development system into the production ABAP system.

If you change or add portal roles, you must replicate these in the ABAP systems again.