You, as a system administrator, observe that not all the business roles are displayed when trying to assign them to a business user in the Edit Access Rights screen.
SAP Cloud for Customer
Reproducing the Issue
- Go to the Administrator work center
- Access the Business Users work center view
- Select a user and click the Edit button, then select the Access Rights option.
- Navigate to the Business Role Assignment tab
- Here, you only see a fraction of the business roles available in the system.
From version 1702 onwards, a categorization was introduced separating business roles into local or global business roles. This means that, depending on the administrator's access rights, they can be a local or global administrator and will see the business role depending on their scope restrictions (i.e. a local administrator will see only local business roles, while global administrators will see all business roles).
While creating a business role, you can choose if it will be a local role or global role through the Scope field in the General tab of the business role. By default, the system determines the scope restriction (local/global) automatically, but you toggle the Select Scope Manually option to set it yourself.
What determines whether an administrator has local or global restriction is the assignment of work center view SEOD_ADMIN_SETUP_WCVIEW - General Settings.
As such, if you wish to change this situation, you can either assign this view to the relevant administrators or change the Scope restriction of the business roles.
business role, local, role, scope, administrator , KBA , SRD-CC-IAM , Identity & Access Management , How To