The UserRoleAuthorizer provider grants logical roles to specific users when the user's roles cannot be retrieved by the configured login module from the back end. You cannot manually configure this provider.
This provider is part of all security configurations that are created or updated in SAP Control Center. UserRoleAuthorizer simply implements the checkRole method to compare the physical role name passed in to the current user name.
This authorizer allows the role check for the role "user:"+userName to succeed. For example, with this authorization module enabled, a domain administrator can use SAP Control Center to map DCNRole to "user:jsmith". The user who authenticates as jsmith is then added in the physical role user:jsmith and is granted the logical DCNRole and can perform DCN.