SAP Knowledge Base Article - Public

2502508 - Administator User Cannot See All Business Roles When Editing User's Access Rights

Symptom

You, as a system administrator, observe that not all the business roles are displayed when trying to assign them to a business user in the Edit Access Rights screen.

Environment

SAP Cloud for Customer

Reproducing the Issue

  1. Go to the Administrator work center
  2. Access the Business Users work center view
  3. Select a user and click the Edit button, then select the Access Rights option.
  4. Navigate to the Business Role Assignment tab
  5. Here, you only see a fraction of the business roles available in the system.

Cause

From version 1702 onwards, a categorization was introduced separating business roles into local or global business roles. This means that, depending on the administrator's access rights, they can be a local or global administrator and will see the business role depending on their scope restrictions (i.e. a local administrator will see only local business roles, while global administrators will see all business roles).

While creating a business role, you can choose if it will be a local role or global role through the Scope field in the General tab of the business role. By default, the system determines the scope restriction (local/global) automatically, but you toggle the Select Scope Manually option to set it yourself.

Resolution

What determines whether an administrator has local or global restriction is the assignment of work center view SEOD_ADMIN_SETUP_WCVIEW - General Settings.

As such, if you wish to change this situation, you can either assign this view to the relevant administrators or change the Scope restriction of the business roles.

Keywords

business role, local, role, scope, administrator , KBA , SRD-CC-IAM , Identity & Access Management , How To

Product

SAP Cloud for Customer add-ins all versions