Dear readers,
this "how-to" post is about defining authorizations and role handling.
In general, the SAP TM collaboration portal knows three access types:
All of them have in common, that there are SAP standard roles delivered.
The process is as follows:
The following roles are relevant for each of the scenarios described above:
For more information about the users mentioned above, see SAP Library for SAP Business Suite on SAP Help Portal at http://help.sap.com -> SAP Transportation Management -> SAP Transportation Management (SAP TM) -> Basic Functions -> Roles.
In case of Gateway hub deployment, you have two users: one user in the SAP TM back-end system and one in the Gateway system. The roles with präfix /TMUI/ have to be assigned in the system in which the software component SAPTMUI is deployed.
To restrict the visibility of worksets for a specific user, proceed as follows:
The following table shows the relation between the workset folders and the worksets in the portal:
PFCG folder | Workset in Portal |
---|---|
/SCMTMS/HOME | Home |
/SCMTMS/FRM | Freight Order Management |
/SCMTMS/FRM – /SCMTMS/TENDERING | Freight Requests for Quotation and Freight Quotations |
/SCMTMS/FRM – /SCMTMS/EVENT_NOT | Freight Orders for Execution |
/SCMTMS/FRS | Freight Settlement |
/SCMTMS/FRS – /SCMTMS/SELF_BILLING | Freight Orders for Self-Billing |
/SCMTMS/FRS – /SCMTMS/INV_SUBMISSION | Freight Orders for Invoice Submission and Invoices |
/SCMTMS/FRA | Freight Agreement Management |
/SCMTMS/FRA – /SCMTMS/FRT_PROCUREMENT | Freight Agreement RFQs and Freight Agreements |
If you delete a workset folder from role /TMUI/COLL_PORTAL, you must also restrict the Gateway service authorizations by removing the IWSV object from role /SCMTMS/COLL_PORTAL. Also, you must delete the corresponding IWSG object in role /TMUI/COLL_PORTAL.
As the role /SCMTMS/COLL_PORTAL is the most complex one, the following step-by-step guide refers to this role. The steps have to be repeated for all relevant roles.
1. After a system upgrade you have to make sure that the newest authorization data is shown in the role. Therefore start transaction SU25 and execute at least step 2a.
2. Start transaction PFCG and enter role /SCMTMS/COLL_PORTAL.
3. Click "Copy role".
4. Provide a "to role" name and click "Copy all".
5. Click on change role.
6. In tab "Menu" provide your changes as described above for the visibility of worksets.
7. In tab "Authorizations" click on "Change Authorization Data".
8. Maintain all authorization data, so that all the traffic lights get green. Afterwards click on "Generate".
9. Click on Execute.
10. Return to main screen.
11. Open the user in transaction SU01 and assign the newly created roles there.
Please let me know your opinion.
Cheers,
Jan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
24 | |
14 | |
11 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 |