on 02-26-2014 12:47 PM
Hi All,
I need to know the minimum authorization role required for creating a USER that can be shared with other end users/ third party client for consuming a web service hosted in PI.
Is there any role/s, to just invoke the WS and which doesn't allow any access to edit IR, ID, SLD, etc, objects.
Thanks in advance,
Shashank
Hi Shashank
Just checked one of the Web service user in our landscape which is being used by third party to make calls to PI
User Type : System
Roles: SAP_XI_APPL_SERV_USER : Process Integration: Service User for Application Systems
Profile: T_YB250030 (not sure if its custom)
Regards
Srinivas.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
Create a service user with SAP_XI_APPL_SERV_USER role then ur sender system can only consume the webservice hosted on PI and since u have created service user so this cannot be used to login the system and edit ESR/ID objects
Thanks
Amit Srivastava
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Shashank - Did you try assigning only the role "SAP_XI_APPL_SERV_USER"?
I'm sure it doesn't have edit access in ESR,ID and SLD/RWB etc and it's mandatory for webservice communication.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Haresh,
I've just tried to access with that role because our third-party consumer users have only that role (and created like service users), and i have had access to SLD, ESR/IR and ID, i can see all although i cant change anything.
I think the only way to restrict this access, it's to have open the port 50000 to invoke the WS and to close the others 50XXXX ports to internet to avoid to access to developing tools or to do a MZ/DMZ infrastructure, etc
Regards.
User | Count |
---|---|
83 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.