what is the relation between and portal objects and security permissions?
I have some questions about role assignments and their relation with security permissions
We have implemented ESS and MSS on EP 6.0 and R/3 4.7 through external ITS 620.
With the deployment of the pckages a role "Manager HCM" (com.sap.pct.hcm.manager) was created for MSS but no role for ESS was created.
So I created a new role and assigned all the ESS related work sets to that new role.
Every thing is fine for ESS but i started facing problems with MSS.....especially with "ESS in MSS" work set was giving many problems......all the iviews in this workset were throwing Portal Run Time error and when I checked the log files i came to know that the "End User" check box was not selected for the role "Manager HCM".
So i opened the portal permission under System Administration --> Permissions --> Portal Permissions and here selected the Ensd User check bos for this role.....even after this i was getting the same error....then i selected the "End user" check bos under security zones also......but even after that i was gettgin the same error.....after carefully checking the log files i noticed that the role has no access to "Security Zones --> com.sap.portal --> com.sap.portal.ep50 --> ep50_safety".......here i selected the "End User" box for my role and the problem got rectified......
Also i was getting this error only for "ESS in MSS" workset only...all the other worksets in MSS are working fine....
The similar error occured when i configured Universal Work List also....
Now my question is that
1) even though i did not do any thing for my cutsom created role for ESS every is working fine...but for MSS which is a default role that comes with the business package why is it needed to assign the end user box...
2) also can some one please tell me what is this end user check box and what is its significance in portal?
3) also tomorrow if i import some other business package, the roles/users for that BP too have to be selected as "End User"?
4) can you please tell me how will this entire mechanism work? what is the relation between a role/user and the "End User" check box?
5) And why is this selection needed for only few portal objects and why not for every object?
thanks in advance