Logical roles provide authorization for mobile business objects and operations during development.
The SAP Mobile Platform supports two types of roles:
When deploying MBOs to a SAP Mobile Server, you can map logical roles to existing physical roles that are located on the SAP Mobile Server. The mapping transfers authorization and other properties from the physical role to the logical role.
The need for role mapping exists because, in most cases, any role-based authorization used while developing an MBO is invalid once the MBO is deployed to the SAP Mobile Server, since it is likely the SAP Mobile Server uses a different security mechanism/set of roles, or the data source changes and uses different authorization than used during development.
If development and SAP Mobile Servers do use the same set of roles, you can map the logical role name directly to the physical role when deploying the MBO. See Packaging and Deploying Mobile Business Objects.
The Roles folder contains user-defined roles, that can be modified and reused.
Role assignments are not propagated from the mobile business object to the operations it contains. If you want to control access to any operation, you must explicitly set the appropriate role ( by default, if no role is assigned then the operation is assigned the role 'everybody' which allows unlimited access).