Setup of authorization roles in WCEM 3.0
Dear community member,
In the releases 1.0 and 2.0 we got a lot of requests regarding the external services and the setup of roles and profiles in the WCEM applications.
Managing Authorizations for a Web Shop is a very sensitive task but usually not too much time is planned to accomplish this. In addition it is sometimes difficult to identify issues if the setup of authorizations has not been done correctly.
In this blog I want to give you a small guide how to setup the roles in WCEM 3.0. There is nothing new, but I guess it is helpful to have this information at one glance.
- To get an overview about the Authorization Concept please read the SAP help.
- As prerequisite you should also read the chapter 6 of the WCEM 3.0 Security Guide. Afterwards read please the note 1717933. In the attached documents of this note you will find the file “SAP_WCEM_Authorization_Handling.pdf”. In this document it is described how the authorization tracing functionality can be used at customer side to get own external services, and it explains how the roles can be implemented with the external services delivered by SAP.
- Please check first your SAP_BASIS release for transaction SU25. If it is:
731 SAPKB73109 or
apply the note 1859173.
Read also the note 440231. Apply in regards to your basis release the listed notes.
- If your system runs at one of the following releases:
CRM 7.0 Ehp 1 Support Package 09 or
ERP 6.0 Ehp 5 Support Package 09
you additionally should apply the note 1766593, because the external services are not complete in these support packages.
- Apply note 1805623, 1860028, 1799139, 1863395, 1827042 if needed. See please the validity and symptoms of these notes.
- In the note 1717933 you will find different zip files. They include examples of the web user and technical user roles delivered by SAP. These roles can be uploaded to the customer backend and used as copy templates.
If these steps are done, and the SAP roles and external services are up-do-date, you can take over the SAP proposals to customer tables via transaction SU25 step 2a.
Check please afterwards, if the external services WEC_MODULE_<module_name>_WU and WEC_MODULE_<module_name>_TU are the same in transaction SU22 and SU24. This means, they should have initially the same authority objects and object proposals included.
Here you can see the authorization objects of the external service WEC_MODULE_salestransactions_TU in the transaction SU22.
Now you can create your own technical and web user roles, either as copy of delivered (uploaded) SAP roles or based on the delivered (uploaded) external services. Maintain the authority objects, for which SAP doesn’t deliver proposals, create the profiles and assign them to the appropriate users. The web user role should be assigned to the reference user and the technical user role to the technical user (so called JCO user).
Additional Information: WCEM Index Blog