Spend Management Blogs by Members
Check out community member blog posts about spend management and SAP Ariba, SAP Fieldglass, and SAP Concur solutions. Post or comment about your experiences.
cancel
Showing results for 
Search instead for 
Did you mean: 
0 Kudos
634

Roles

For information on roles in SAP SRM 7.0, refer to the following:

http://help.sap.com/saphelp_srm70/helpdata/en/74/344c430fab4d0bbc30996d56cc293a/frameset.htm --> Business Packages --> Business Packages for SAP SRM 7.0

Here you will find the relevant roles in Sap sRM 7.0, based on different requirements like Harmonized Procurement for SAP ERP & SAP SRM, SAP SRM Procurement for Public Sector or SAP SRM on One Client in SAP ERP

SAP Note 1261825. Here, you will find a comparison of PFCG and portal roles in SAP SRM 6.0 and SAP SRM 7.0

The new User Interface and Portal environment --- makes it easier for employees to personalize the User Interface content; for example, by using WebDynpro’s inbuilt personalization functions and Personalized Object Work List (POWL). For your IT department, it is easier to control the usage

of applications based on roles in the SAP Enterprise Portal.

Portal Business Content --- Completely new Portal Business Content has been introduced in SAP SRM 7.0, offering full role-based access for employees. The new Business Content integrates SAP ERP user interfaces and

SAP SRM user interfaces in a seamless fashion.

Single Sign-On

In general, the authentication for single sign-on (SSO) is set with a Logon Ticket that is generated at the

first logon to a specific Enterprise Portal, and which must be uploaded into each target system that needs

to communicate with the portal.

You do this in transaction STRUSTSSO2:

  1. Add to Ticket List (known within the complete system)
  2. Add to ACL (valid for the client)

In transaction RZ10, you must ensure that the following two parameters are set correctly:

  • Login/accept_sso_ticket: 1
  • Login/create_sso_ticket: 2

A general recommendation, in order to avoid problems with single sign-on, is to always use fully qualified

domain names. An example:

  1. https://portal/irj/portal
  2. https://portal.wdf.sap.corp/irj/portal

Even though URL 1 can be resolved correctly on the IP level, it can cause problems with SSO, as the

browser does not know that the cookie stored as the logon ticket for URL 2 can also be used for URL 1.

The only reason that URL 1 can be resolved at all is that the name portal is already unique for this portal.

For further information about Single Sign-On refer to:

User Management

We recommend using single sign-on (SSO) for User Management. Therefore, the usernames in both

SAP SRM and the Portal must be the same. In order to determine which actions are necessary, the

following decision tree can be a help:

Note: SAP recommends use of ABAP only if the portal is used for SAP SRM exclusively. If the portal is not used for SAP SRM exclusively, we recommend using LDAP.

Roles for SAP SRM

The following sections describe the PFCG roles available for SAP Supplier Relationship Management 7.0 (SAP SRM 7.0).

Name

Technical Name

SAP SRM: Invoice Verification Clerk

/SAPSRM/ACCOUNTANT

SAP SRM: Administrator

/SAPSRM/ADMINISTRATOR

SAP SRM: User Administrator

/SAPSRM/ADMINISTRATOR_USR

SAP SRM: Bidder

/SAPSRM/BIDDER

SAP SRM: Employee

/SAPSRM/EMPLOYEE

SAP SRM: Manager

/SAPSRM/MANAGER

SAP SRM: Operational Purchaser

/SAPSRM/OP_PURCHASER

SAP SRM: Component Planner

/SAPSRM/PLANNER

SAP SRM: Internal Dispatcher

/SAPSRM/RECIPIENT

SAP SRM: Purchasing Assistant

/SAPSRM/SECRETARY

SAP SRM: Strategic Purchaser

/SAPSRM/ST_PURCHASER

SAP SRM: Supplier

/SAPSRM/SUPPLIER

SAP SRM: Survey Owner

/SAPSRM/SURVEY_OWNER

SAP SRM: Survey Reviewer

/SAPSRM/SURVEY_REVIEWER

Authorization for accessing SRM Enterprise Services

/SAPSRM/ENTERPRISE_SERVICES