cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricting the manual posting of data from RWB

Former Member

on ‎09-23-2013 3:01 PM

0 Kudos

Hi All,

For a business critical interface, there is a requirement from client, that the messages should not made possible to be posted manually from PI – our PI support team has access to post messages through RWB.

I have gone through the link, "http://scn.sap.com/thread/1817370" and understand that removal of role, SAP_XI_RWB_SERV_USER_MAIN would restrict the access. But this option for restricting the user roles cannot be considered, since it would impact the steady state processes.

Can you please let me know if you are aware of any other options for the RWB restriction of specific interfaces?

Kindly note that we are using SAP PI 7.01 version.

Best Regards,

Roslin Joseph

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎09-24-2013 3:26 PM
0 Kudos

Hello Roslin,

I'm not sure whether this is available on PI 7.0 (or is it 7.11?), but do you have a User Access Control List in your sender interface? This way you could restrict users allowed to post messages specifically for that interface - provided the PI team doesn't know the user the sender system uses. You need to make sure then that the PI team cannot change that list, which is probably a good idea, anyway.

I don't see any other option to restrict access to just that interface.

This will only work if you use an adapter on AE, so no IDOC or HTTP.

Regards,

Jörg

Show replies
Show replies
Former Member
‎10-16-2013 10:37 AM
0 Kudos

Hello Jörg,

Many Thanks for your inputs. I had not clearly mentioned the end-to-end scenario in my initial post. At the sender, its an SAP ECC system and we are using an ABAP Proxy connection from ECC to PI.

We checked for the feasibility of the User Access Control list, but since this Business System is already used for other interfaces, implementing this option would have a negative impact on those interfaces and cannot be considered.

We are now checking for any other options available can help us to achieve this.

Best Regards,

Roslin Joseph

Former Member
‎10-16-2013 1:12 PM
0 Kudos

Hello Roslin,

I can only think of some "authorization check" in a mapping then. You check for the user executing the call and throw an exception if it is not the desired one. But I don't like this option very much, since a mapping should be a mapping and not an authorization check and since it is still required that the support team doesn't know this user and password. I'm not sure whether you'll be able to find a nice solution at all.

Good luck!

Jörg

Ask a Question