To successfully log in to SAP Build Work Zone, users and assigned authorizations need to be available across several components of the overall solution architecture. This includes the usual SAP BTP subaccount level user, and role (collection) assignment. Furthermore, SAP Build Work Zone and SAP SuccessFactors Work Zone additionally require service-specific user persistence and role assignment, both on the service level (tenant) as well as within the Digital Workplace Service (DWS) layer.
To be able to access SAP Build Work Zone or SAP SuccessFactors Work Zone, users must be assigned to one or more default role collections that are created upon subscribing to this service on the subaccount level. Additionally, an XSUAA shadow user (to which these role collections are assigned and mapped) on the SAP BTP subaccount → Security → Users.
Shadow Users can be created in three ways, not all of which are specific to SAP Build Work Zone, but are uniformly used and available when using any service on the SAP BTP multi-cloud (CF) environment:
Role collections can also be assigned in multiple ways, not all specific to SAP Build Work Zone but uniformly used and available when using any service on the SAP BTP multi-cloud (CF) environment: