Skip to main content

Angles for SAP IT Management Console

System roles

The authentication model of Angles for SAP is based on roles. A role is a set of privileges allowing a specific user to access a certain part of the data or execute certain tasks. These privileges can be set in three ways:

  • Allow - the user is allowed to perform this task.

  • Deny - the user is never allowed to perform this task.

  • Undefined - this role does not control this task.

Combining roles

Roles can be combined. You can do so by attaching subroles to a role or by assigning multiple roles to a user. To combine roles, go to Models[Model name]Roles. See also Roles for more information.

Note that for role combinations, the following rules apply:

  1. Deny overrules all other settings.

  2. Allow only overrules Undefined.

  3. Undefined equals Deny, unless a role specifically does Allow you to and none of the combined roles is assigned Deny.

Adding a role

To add a new role

  1. Click Create new role.

  2. Enter the Role ID and the Role description. The following characters are allowed: a-z, A-Z and _ .

  3. Click Create.

  4. Determine the authorizations under Assigned roles.

    • Manage users - allows managing users within the system. For managing model roles, the model role privilege Manage model is required. For more information, see Roles.

    • Manage system - allows managing the global settings, setting up and managing models and managing automation tasks.

      This role deviates from the normal privilege determination rules. An administrator who has the Manage system role assigned, is allowed to manage models and automation tasks even when the Manage model role is set to Undefined. Only when the Manage model role is set to Deny, the administrator is not allowed to manage that specific model and its automation tasks. Manage system is required for managing Datastores.

    • Allow impersonation - allows impersonating other users. Used by the ZEA03N SAP transaction. Not allowed in combination with any other privileges.

    • Management access - allows accessing the management console. Management access is allowed when one of the following privileges is assigned: Manage system, Manage users or model role Manage model.

    • Schedule Angles - allows scheduling Angles directly from the Web Client.

  5. Optionally, you can enter a comment and add an attachment.

  6. Click Save.

Editing a role

To edit a role

  1. Click Edit.

  2. Make the necessary changes.

  3. Click Save.

Deleting a role

Make sure not to delete the SYSTEM_ALL role: system administrators use this role to log on to the IT Management Console.

To delete a role

  1. Click Delete.

    A Confirmation window appears.

  2. Click OK.

    The role is deleted from all user profiles to which it was assigned.