on 05-27-2015 9:47 AM
So, we are in the process of upgrading our PI systems from 7.11 to 7.40. We have always had problems with J2EE authorizations in the past, but now I am facing some challenges I hope you can help me with.
a) Some aspects that have worked in the past do not work any longer. For example, our developers cannot access message payloads anymore. Let me explain that we have a very strict separation of duties and authorizations between admins, developers and support. Developers are supposed to be able to view message payloads (at least in the pre-production systems), but not edit them. I have created a J2EE role for that purpose including all 6 "payload" actions available in the UME; so far that has worked fine. After the upgrade it does not seem to be enough; the developer trace says "com.sap.aii.mdt.api.exceptions.AuthorizationFailedException: Your user does not have the required authorizations for this activity".
b) Along with the upgrade I am trying to set up new "last level" users for developers to be able to perform certain tasks on production systems in case of malfunctions. They are not supposed to simply get admin rights, but I want to be able to toggle between e.g. viewing and editing message payloads, viewing and editing configuration data and so on. I cannot find any proper guides on those things and support just keeps telling me to assign roles like SAP_XI_ADMINISTRATOR(_J2EE) and so on. This is not how our authorization concepts work! In the ABAP world SAP keeps telling us to not use standard roles, but copy them and fit them to our needs. I refuse to believe that this should not be possible in the J2EE world.
Does anybody know any useful guides or documentation about the needed authorizations? Or maybe someone else is having similar problems, so we can at least work together on some aspects trying to find out the necessary actions on our own?
Did you check the special actions on SAP help?
Special Actions - SAP NetWeaver Process Integration Security Guide - SAP Library
Here special "edit" actions are available. Please check.
Best Regards
H.
Hi Mario,
Has the issue been resolved?
Can you please close this thread if your query has been resolved!!!!
Also please reward points for the helpful answers...
Regards
Vishnu
Your answers have been helpful, thanks. But I do not consider this issue resolved. I am looking for comprehensive documentation about PI Java authorizations; the two documents so far are less than a single page each and generally only focus on message monitoring, and that's not all there is to the PI. E.g., I had a developer last week who was trying to access the Services Registry. I assigned him SERVICES_REGISTRY_READ_WRITE, but it did not help. I had to open an OSS message to learn that UDDI_Admin is also necessary for that. Things like that have to be documented somewhere; I don't want to keep opening tickets!
Hello Mario,
Here is another link that might be helpful:
Thanks
Hi Mario,
Can you please check the links below? I hope they are helpful.
http://help.sap.com/saphelp_nw73ehp1/helpdata/en/45/951838644f4b12822900e1b127166d/content.htm
Special Actions - SAP NetWeaver Process Integration Security Guide - SAP Library
Regards
Vishnu