cancel
Showing results for 
Search instead for 
Did you mean: 

User Roles and Authorizations between PI and ECC

laxman_molugu
Participant
0 Kudos

HI,

I am looking for Roles and Authorizations needed for communication between PI and ECC.

I have Idoc/RFC and Proxy Interfaces, also currently interfaces are running but we gave more than required roles like SAP_ALL/SAP_New. I am looking for needed roles.

Proxy Communication:

ECC-> PI : the User PIAPPLUSER good?

ECC -> PI : Should I use the Same User?

Idoc/RFC Communication:

ECC-> PI :?

PI-> ECC: ?

Please let me know the best practice for these user roles.

Thanks,

Laxman

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Laxman,

Check these links:

http://help.sap.com/saphelp_nw04/helpdata/en/58/d22940cbf2195de10000000a1550b0/content.htm

/people/michal.krawczyk2/blog/2005/05/25/xi-how-to-add-authorizations-to-repository-objects

http://help.sap.com/saphelp_nw04s/helpdata/en/d4/d12940cbf2195de10000000a1550b0/content.htm

Thanks,

laxman_molugu
Participant
0 Kudos

Hi Hareenkumar,

I don't think these links answers my question. Any other input is highly appreciated.

Thanks,

Laxman

Answers (3)

Answers (3)

Former Member
0 Kudos

Hi

These users will be system type category and the cusotm roles should be built based on the security documentation , provided by the PI or IDOC implementation guide.

Please refer the security guide , which has the required  objects and values , since it is a system user , no need to worry on risk on granting such high level access such as SAP_ALL & SAP_NEW profiles.

Again creating a system user type for interface's users with this profile will be used across all category interfaces.

If we are going to use specific roles might involves changes on the roles assigned to that interface id, used across as a common user across all the interfaces  as it needs testing ,time and money to be  spent on it

Regards,

AJ

laxman_molugu
Participant
0 Kudos

Gave SAP_ALL

Former Member
0 Kudos

Have a look at this one;

http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm.

Normal cases we create a user for back ground job scheduling, WF batch user and Interface user with different profile and this users password will not be shared to rest of the team except administrator.

In case if you want to revoke SAP_ALL & SAP_NEW you may have to find out few RFC authorization objects needed for these activities to carry on without any issues.