
SAP XI/PI security Issue -need to restrict ID change access based on Object

Former Member
0 Kudos

Hi All,

We are using XI/PI for our integration requirements and we are facing a security-related issue. We are using the same box for Export Compliance and non Export Compliance integration scenarios, and we have provided data-level restriction by filtering EC namespaces in authorization roles.

However, now there is another concern: anybody can change the ID objects in the XI system and route the message to a different server or directory location if it is a file-based interface. Does anybody have any idea how we can restrict change access to specific ID objects?

Say, for example, I want to restrict the change access to the communication channel "CC_TestInterface". Our XI system version is 7.0 with SP level 17.

Please advise.

Thank you

Vijaya

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Vijaya,

For this we have to create the Roles.

Actually this issue is related to the BASIS.

Go to PFCG (T-code for creating the roles). Then give some role name (select whether it is a single role or multiple roles) and click on create.

In the menu tab, add the T-codes (these T-codes can be accessed by this role).

In the Authorization tab, click on display authorization data, then click on changes, then click on activity. It then asks for the permissions, and you can select the permissions (create/generate, change, display, ...).

We can select the required permissions.

We assigned this permission to a particular T-code, so when we give this T-code to particular users, they can access only those permissions that we have already given.

For other info

http://help.sap.com/saphelp_nw04/helpdata/en/f4/67b340be3dff5fe10000000a155106/content.htm

Regards

Ramesh

former_member200962
Active Contributor
0 Kudos

Following a similar method to the one mentioned in this blog may help you: /people/michal.krawczyk2/blog/2005/05/25/xi-how-to-add-authorizations-to-repository-objects

ID --> Tools --> User Roles --> New

Also refer: http://help.sap.com/saphelp_nw04/helpdata/en/f4/67b340be3dff5fe10000000a155106/content.htm

Regards,

Abhishek.

Former Member
0 Kudos

Thanks for your responses. We are looking at restriction in the integration directory and it does not seem to work. I add include in the selection path and exclude in the object; it permits for only that object and blocks all other objects. We are using services without party. Multiple selection in the party list also blocks the access. Are there any known bugs that exist? Any help will be highly appreciated.

Thanks

Vijaya

Former Member
0 Kudos

Hi,

Go to PFCG transaction and give some role name and click on create.

After that, in the menu tab, add the T-codes, whatever you want to give to this particular role.

In the authorizations tab, click on display authorization data, then go to change mode -> activity, then select the corresponding object in the maintained option and give the permissions like read, write, delete, whatever you want.

And in the user tab, give the user names (to whom you want to give these roles).

Actually this is related to the BASIS issue, so you may not have the above T-code authorization. Better to contact your basis team.

Regards

Ramesh