on 12-15-2010 6:18 AM
HI,
I am looking for Roles and Authorizations needed for communication between PI and ECC.
I have Idoc/RFC and Proxy Interfaces, also currently interfaces are running but we gave more than required roles like SAP_ALL/SAP_New. I am looking for needed roles.
Proxy Communication:
ECC-> PI : the User PIAPPLUSER good?
ECC -> PI : Should I use the Same User?
Idoc/RFC Communication:
ECC-> PI :?
PI-> ECC: ?
Please let me know the best practice for these user roles.
Thanks,
Laxman
Hi Laxman,
Check these links:
http://help.sap.com/saphelp_nw04/helpdata/en/58/d22940cbf2195de10000000a1550b0/content.htm
/people/michal.krawczyk2/blog/2005/05/25/xi-how-to-add-authorizations-to-repository-objects
http://help.sap.com/saphelp_nw04s/helpdata/en/d4/d12940cbf2195de10000000a1550b0/content.htm
Thanks,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
These users will be system type category and the cusotm roles should be built based on the security documentation , provided by the PI or IDOC implementation guide.
Please refer the security guide , which has the required objects and values , since it is a system user , no need to worry on risk on granting such high level access such as SAP_ALL & SAP_NEW profiles.
Again creating a system user type for interface's users with this profile will be used across all category interfaces.
If we are going to use specific roles might involves changes on the roles assigned to that interface id, used across as a common user across all the interfaces as it needs testing ,time and money to be spent on it
Regards,
AJ
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Gave SAP_ALL
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Have a look at this one;
http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm.
Normal cases we create a user for back ground job scheduling, WF batch user and Interface user with different profile and this users password will not be shared to rest of the team except administrator.
In case if you want to revoke SAP_ALL & SAP_NEW you may have to find out few RFC authorization objects needed for these activities to carry on without any issues.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.