on 02-14-2008 6:15 AM
Hi Experts,
What is the best practice for password management of PI standard users? Shall all the users be given the same password at the time of installations? What are the implications of changing the passwords at a later stage, specially of the PISUPER user which has to be reflected in the Java stack also.
Thanks & Regards,
Shobhit
Hi,
Its always preferable to follow the same password as below instead of changing it. it may lead to abrrupt behaviour. I am not sure.
Probably below links will help you
The XISUPER user has a pwd of XIPASS.
The following service users are created during the installation, and the passwords are specified at that time. You should check with the basis people.
XIREPUSER - User for the Integration Repository
XIDIRUSER - User for the Integration Directory
XIAPPLUSER - User for sender applications
XIRWBUSER - User for the Runtime Workbench
XILDUSER - User for the System Landscape Directory
XIISUSER - User for the Integration Server
XIAFUSER - User for the Adapter Engine (communication between SLD, Integration Server, and Adapter Framework)
LSADMIN - User for the Change Management Server
http://help.sap.com/saphelp_nw04/helpdata/en/f4/67b340be3dff5fe10000000a155106/frameset.htm
Thanks
Swarup
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Swarup,
Could you also tell me what roles should be assigned to PI developers and PI administrators respectively so that the dependency on these standard users is not there to to development and configuration activities.
I understand that for some specific tasks, these standard users are required as these are service users. But in case the customer is not willing to share the password of these standard service users, can some roles be assigned to the XI developers so that they can work on IR and ID; and to XI administrators so that they can work on IR, ID, RWD and SLD all with the same password.
Thanks & Regards,
Shobhit
Hi Swarup,
Please have a look at the different roles which can be given to users.
below link will list all the roles and the affect of that roles in terms of IR,ID,RWB etc.
http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
In project:
Deveopler is given the developer rights only. Rights for creating SWCV,namespace,SLD,Alert rule,transaction rights on certain transaction is given to Basis people and they are responsible for performing the above tasks.
If customer is not willing to give password of service user then sometime Basis people assign the rights which is required for certain activities through SU01 transaction to Basis user.
Thnx
Chirag
HI
You need below Roles, even the above link will be also helpful,
SAP XI Developer
SAP_XI_DEVELOPER
SAP_XI_DEVELOPER_ABAP
SAP_XI_DEVELOPER_J2EE
SAP_SLD_DEVELOPER
SAP_XI_DEMOAPP
SAP XI Configurator
SAP_XI_CONFIGURATOR
SAP_XI_CONFIGURATOR_ABAP
SAP_XI_CONFIGURATOR_J2EE
SAP_SLD_CONFIGURATOR
SAP_XI_BPE_CONFIGURATOR_ABAP
SAP_XI_DEMOAPP
SAP DISPLAY roles
SAP_XI_DISPLAY_USER
SAP_XI_DISPLAY_USER_ABAP
SAP_XI_DISPLAY_USER_J2EE
SAP_SLD_GUEST
SAP Monitoring roles
SAP_XI_MONITOR
SAP_XI_MONITOR_ABAP
SAP_XI_MONITOR_J2EE
SAP_XI_BPE_MONITOR_ABAP
SAP_XI_DEMOAPP
SAP_SLD_GUEST
The Above Roles are must for Technical User for Developement and Monitoring. The Administrator needs below roles in addition to above roles*
SAP XI ADMINISTRATOR
SAP_XI_ADMINISTRATOR
SAP_ALM_ADMINISTRATOR
SAP_SLD_ADMINISTRATOR
SAP_XI_ADMINISTRATOR_ABAP
SAP_XI_ADMINISTRATOR_J2EE
SAP_XI_BPE_ADMINISTRATOR_ABAP
SAP_ALM_CUSTOMIZER
SAP_XI_DEMOAPP
Thanks
Swarup
All the service user passwords can be same or different. But using different passwords obviously enhances the security.
What are the implications of changing the passwords at a later stage, specially of the PISUPER user which has to be reflected in the Java stack also.
No implications if the passwords are changed properly using SAP Note 721548
But in case the customer is not willing to share the password of these standard service users, can some roles be assigned to the XI developers so that they can work on IR and ID;
Yes sure. From su01, the client can be requested to assign any specific required role to ur developers user
Regards,
Prateek
User | Count |
---|---|
93 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.