Our company is in the midst of a PI user security redesign. We have, to this point, been assigning our support personnel to the SAP_* delivered roles. We are copying/renaming all abap roles, and copying the corresponding roles in the AS Java UME and assigning to the new user groups. We run a dual-stacked system, with all user to role assignments taking place in AS ABAP.
An issue we've encountered is that new Z* version of SAP_XI_ADMINISTRATOR_J2EE does not function properly. For example, our PI Dev team is not able to edit/create namespaces. Assigning the SAP_* role back to the user corrects the problem.
In AS ABAP, we've verified the RFC authorizations in the Z* encompass all authorizations in SAP_XI_ADMINISTRATOR_J2EE. In AS Java, I've exported and imported the role multiple times, only changing the role name. Actions are left identical. I've also dissociated and associated the Z* role to the Z* user group. This still fails to function.
Am I missing a piece of the puzzle here? What could be causing the SAP* version to work, but the Z* not to?
Thanks in advance!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.