Ansicht
Dokumentation

FMCA_PS_EXT_USER_SET - Maintain Settings for External User Management

TXBHW - Original Tax Base Amount in Local Currency   PERFORM Short Reference  
This documentation is copyright by SAP AG.

Configure the privileges that can be assigned to external users.

1. Maintain a number range interval for users:

SAP NetWeaver -> Gateway Service Enablement -> Backend OData Channel -> User Self Service Setup -> Maintain Number Range Interval for User Self Service

1. Maintain an RFC destination to replicate user:

SAP NetWeaver -> Gateway Service Enablement -> Backend OData Channel -> User Self Service Setup -> Maintain RFC Destination for User Replication

1. Create a reference role including an authorizations/security policy on the Gateway server using following transactions:
1. PFCG
2. SECPOL
2. Create a reference user on the Gateway server using transaction SU01 and assign a reference role and security policy.
3. Create user groups in the ERP backend system using transaction SUGR.
4. Create roles and assign authorizations in the ERP backend system using transaction PFCG.
5. Create a security policy in the backend using transaction SECPOL.

1. Define User Categories

User categories define a common group of users that share the same characteristics and similar authorizations in the backend, as well as the frontend. For example, individual taxpayers, corporate taxpayers, and tax advisors.

The following BAdI determines to which user category a business partner belongs:

FMCA_MC_SETTING_IMPL (Method: Get_USER_CATEGORY)

Note: The default implementation reads the first user category ID entry from the customizing table.

To define a user category:

1. Click New Entries
2. Under User Category ID, enter the name of the category.
3. Under User Creation Limit, enter how many users are permitted for the business partner.

Example: You can define that an individual tax payer cannot create more than three users (one for themselves and the other one for their tax accountants), while a corporation can create up to 10 users.

1. Click the Back icon - the category you created should now be visible in the list.

Now assign the category to a user group:

1. Select the category you created and then, from the Dialog Structure, double-click User Group Settings.
2. Click New Entries.
3. In the User Group ID field, use the F4 Help to select the user group to which your category should be assigned.
4. Under User Group Settings, enter the following information:

Gateway Reference User: Enter the reference user (see Prerequisites, number 4).

Defining a gateway reference user is how you determine which role/authorizations are assigned to users on the gateway server. Please note that the process for creating users in Multichannel Foundation does not assign any roles/authorizations to the frontend.

Login Group: Use the F4 Help to select the user group you require.

This lets you define the login user group that is assigned in the ERP backend system.

Ideally, all externalMultichannel Foundation users should have a different login user group to the internalusers. This simplifies the identification of external users and allows granular authorization settings.

If external users are allowed to create other users, then they must have the authorization to create a user in the backend as well.

It is therefore highly recommend that you restrict this authorization to a particular login group.

Security Policy: Depending on the availability of the NetWeaver release, you can define a value for a security policy for a user in the ERP backend system.

Standard Role: Use the F4 Help to select the role you require.

Define a user role in the ERP backend system that is assigned to the user (see Prerequisites, number 6), regardless of the privileges defined in Customizing.

It is recommended that you use this role to define the minimum authorizations that a user should have (for example, login to the portal/ change password, and so on), and that an external user with administrator authorization is not permitted to remove.

Note: You can assign multiple user groups per user category. For example, you may want to define user groups that can create users, and non-administrators that cannot create users. In this case, the gateway reference user should be different, as the creation of users also requires user creation authorizations on the gateway server.

1. Save your entries

1. Define User Privileges:
1. In the Dialog Structure, double-click User Group Privileges.
2. Click New Entries.
3. In the field User Privilege ID, enter the name your require.
4. In the User Group Privileges section, in the field Role, select a role that you already defined (see Prerequisites, number 6).
5. In User Privilege Description, give the user group privilege a meaningful name.
6. Save your entries
2. Assign User Privileges to Group
1. In the Dialog Structure, double-click Assign User Group and Privileges.
2. Click New Entries.
3. From the fields User Group ID and User Privilege ID, select the user group and user privilege that you wish to assign.
4. Save your entries.

Note that you must create the users using either the function module FMCA_MC_USER_CREATE1 or the OData service call that is included in ERP_FMCA_MC.

The function module FMCA_MC_USER_CREATE1 has an optional parameter called IV_USER_ROLE_ASSIGN. If this parameter is set to X, all roles that are linked to the selected user group will automatically be assigned.

Maintain the backend user privileges using the function module FMCA_MC_USER_ROLE_MAINTAIN or the OData service call that is included in ERP_FMCA_MC.

General Data in Customer Master   RFUMSV00 - Advance Return for Tax on Sales/Purchases  
This documentation is copyright by SAP AG.

Length: 8287 Date: 20240523 Time: 185458     sap01-206 ( 103 ms )