- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Problem with copying PI Standard roles
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Problem with copying PI Standard roles
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2009 6:11 AM
Hi All,
We are trying to copy SAP PI Standard roles SAP_XI_CONFIGURATOR_J2EE & SAP_XI_MONITOR_J2EE to our customized roles so that we can assign to users. Upon assigning to user with customized role the user is unable to login to Integration Repository/Integration Builder/SLD. when user login with customized roles enter SXMB_IFR & click IR/IB/SLD ->It is showing an error that USER AUTHENTICATION FAILED.
After copying from standard roles, there is no modifications done on customized roles.
But the users are able to login with standard roles but are unable to login with customized roles. We feel we need to do some configuration in Jave engine.
Please suggest on this.
Thanks in Advance,
Madhu.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2009 6:24 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2009 6:31 AM
HI Madhu,
presuming that you are on PI <7.0 versions, the authorization to the serive components are controlled by Visual Admin -> Security Services, which are mapped to SAP default roles. SAP Default role for PI doesn't include anything other than few objects, all access is controlled at Java security (Actions).
Try creating a user with SAP_ALL and SAP_NEW, then also you will not be able to login to DTR etc,
In case, you want to create your own custom roles, then you should map these roles to appropriate actions in the Visual admin -> Security services.
There are many services for each module -> IR, DTR etc
There will be no trace for such failures in ST01 (ABAP instance)
Cheers!!
Zaheer
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2009 6:41 AM
Hi Zaheer,
Thankyou very much for your quick reply. It was well explained.
We are currently using PI 7.0 version, will this change any of your suggestion?
Thanks,
Madhu.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2009 6:52 AM
Well, with PI 7.0, Visual admin has been discontinues and there is NWA, i haven't worked on PI 7.0 yet, but i presume you will find those required services in the NWA
Cheers !!
Zaheer
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2009 6:52 PM
Madhu,
You cannot have single roles modified to your naming convention in PI as they were hard coded on Java side in Visual Administrator.Have a composite role with your naming convention and add single SAP roles to that.
Adding role SAP_XI_ADMINISTRATOR_J2EE should solve your problem.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-18-2009 2:32 AM
@ Srinu : Its about PI 7.0... and there is no Visual administrator
and there is no hard coding even in previous versions PI 7.0<, i have created custom roles and have mapped them in VA and it works in my landscape... dev, stg and prd.
@Madhu : Did you find anything in NWA ?
Cheers !!
Zaheer
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2009 6:33 PM
Zaheer..can you please explain how you mapped in VA.I would like to follow those steps to make sure that the customized roles work.we tried before and they didn't worked.
Thansk for your help in advance.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2009 3:46 AM
@ Srinu : Can you open up a new thread... just don't want to hijack this thread. Since this one is for PI 7.0. Will have this thread for PI 7.0.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2009 7:36 PM
Zaheer..PI 7.0 has VA and NWA is from PI 7.1(correct me if i am wrong)
we are on PI 7.0 and still wondering how you mapped the customized roles in VA.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2009 9:36 PM
> PI 7.0 has VA and NWA is from PI 7.1(correct me if i am wrong)
Yep, you are correct.
You can also use more granular security in the NWA. Visual Admin is all-or-nothing, so I guess the roles are as well.
I heard of a way to change the mapping so that you can change the naming convention on the ABAP side, but if I remember it was rather tricky and anyway still all-or-nothing.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2009 4:01 AM
Okay if PI 7.0 has VA, then look for security services, there will be separate component services, like com.sap..ir, com.sap....dtr, and when you will open up these services you, will notice there are actions defined under these services, which are subsequently mapped to gruops ( which are nothing but the ABAP roles). You will notice that there will be SAP defined roles, like SAP_XI_.....
You need to map your custom roles to appropriate actions within these different services.
Cheers !!
Zaheer
- SAP Managed Tags:
- Security
