The BlueWorx record for Users is not the same as their SAP User Record (SU01) and SAP Roles. These must still be maintained in SAP to complement the BlueWorx User Profiles and BlueWorx User Settings being allocated and according to all SAP access points. This is important because while the BlueWorx profiles assigned to a User can control what data they see through the BlueWorx application access point it does not control what access a User might have were they to logon directly to SAP via other access points like the SAP GUI or Business Client. Conversely, giving a User the ability to Create and Edit Orders in BlueWorx just exposes those options in the application, it does not grant SAP authorisation which must be done separately.
Important: When considering security, you also have to appreciate that the master data being retrieved from SAP comes from BlueWorx tables, which consists of pre-assembled flattened data to make Sync retrieval faster. As such there is no read data authorisations SAP authorisation checks for master data (i.e. FL's, Equipment, Measurement Points, Materials). The retrieval of Work Orders, Notifications and all SAP transactional updates back into SAP are processed using BAPI's, so all updates do abide by SAP security rules.
SAP Security Profile Objects
Given the nature of role security and the associated responsibility, pre-delivered roles are not available from us. The attachment provides SAP security profile information (SAP transaction PFCG) for BlueWorx Users and the Batch User to be used for processing Inspection Results. This information is a snap-shot in time of the SAP security objects triggered through the use of BlueWorx in an early release.
Additional functionality added to BlueWorx over time can add to these requirements. The attachment is therefore provided as starting position for authorisation development by qualified SAP authorisation specialist who will take into account the customers rules and requirements. All developed authorisation profiles should be independently tested as per the customers SOPs.