cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Documentation for PI ABAP roles

Former Member

on ‎02-18-2008 1:22 PM

0 Kudos

Hi all,

is there a general documentation for the PI ABAP roles? I assume something like that:

- User should access J2EE Adapter Engines / SOAP Adapter (used for sending a Webservice to PI from a 3rd Party Application) --> necessary role abc

- User should be able to process Alerts in Alert Inbox --> necessary role def

- User should be able to create repository objects --> necessary role ghi

- User should be able to create scenario objects in intergration directory --> necessary role jkl

What I still don't know which ABAP role is used for which purpose. We'd like to assign minimal roles to the users.

BR

Holger

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

nisarkhan_n
Active Contributor
‎02-18-2008 1:32 PM
0 Kudos

Pls check this link

http://help.sap.com/saphelp_nw04/helpdata/en/58/d22940cbf2195de10000000a1550b0/content.htm

i think mainly the roles are classified into the Developer and configuraiton categeory...

i mean for ex you want to work on the SLD from developer end only assign developer roles which will allow him to voew it if he gets configuration he can change things

For Minimum user roles you can assign these from developer point of view make sure you cangiving only developer specific roles in SLD, IR etc...

Show replies
Show replies
Former Member
‎02-18-2008 1:30 PM
0 Kudos

Hi,

Check in this link:

http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm

For alerts refer this:

The following predefined user roles are available for customizing and administration:

• SAP_BC_ALM_CUST for customizing authorization.

• SAP_BC_ALM_ADMIN for administration authorization. The administrator has the authorization for all activities. He or she can also read and confirm alerts for other users. In addition, the administrator can execute report RSALRTPROC to delete, escalate, and deliver alerts as well as to delete logs.

• For the sending of alerts via external communication methods (e-mail, sms, fax) and for inbound processing, an RFC user has to be created on the central alert server with the role SAP_BC_ALM_ALERT_USER. The authorization objects contained in this role are S_OC_SEND and S_RFC.

• Accessing alert inbox the userid has to have the role SAP_XI_MONITOR.

• SAP_ALM_ADMINISTRATOR - Alert Management Administrator Give this rights

Refer the SAP_XI_ADMI topic and see the roles.

http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm

Refer link for user roles: http://help.sap.com/saphelp_nw2004s/helpdata/en/74/03b140ade49c2ae10000000a155106/content.htm

Roles needed for IR and ID:

Role: SAP_XI_Developer

SAP_XI_DEVELOPER (Composite)

SAP_SLD_DEVELOPER

SAP_XI_DEMOAPP

SAP_XI_DEVELOPER_ABAP

SAP_XI_DEVELOPER_J2EE

Role: SAP_XI_Configurator

SAP_XI_CONFIGURATOR (Composite)

SAP_SLD_CONFIGURATOR

SAP_XI_BPE_CONFIGURATOR_ABAP

SAP_XI_CONFIGURATOR_ABAP

SAP_XI_CONFIGURATOR_J2EE

SAP_XI_DEMOAPP

Regards,

Nithiyanandam

Edited by: Nithiyanandam A.U. on Feb 18, 2008 2:31 PM

Show replies
Show replies
Former Member
‎02-18-2008 1:27 PM
0 Kudos

Hi

The XI Java auths work by reading the role titles from the ABAP stack which correspond to groups in the Java stack. These groups are assigned privileges in the Java system.

This way, it is possible, via SU01 in the ABAP stack, to manage user access in both places. I can only imagine that SAP wanted the facility to segregate access in the different stacks, hence being able to give certain admin functions only in ABAP or Java. As there are things that you can only configure via the Java side, it makes sense to be able to provide a certain level of granularity in addition to whatever functions the user needs to perform in the ABAP stack

Refer below links to assign the roles

http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm

http://help.sap.com/saphelp_nw04s/helpdata/en/56/361041ebf0f06fe10000000a1550b0/content.htm

Thanks

Swarup

Show replies
Show replies
Former Member
‎02-18-2008 1:37 PM
0 Kudos

Hi all,

thanks for your replies. What I still don't know is which to role is necessary for accessing an adapter from a 3rd party application, e.g. sender SOAP adapter or sender HTTP adapter.

BR

Holger

Former Member
‎02-18-2008 2:08 PM
0 Kudos

HI Holger,

I think there is some confusion, you don't nee any extra roles to be assigned to access the adapter such as SOAP or HTTP from 3rd party system. In Communication Channel you set the User Authetications that are important for validation.

Whenever any User from 3rd party will access the adapter you could be able to reach the adapter.

Here the security is to be added to the method or API you have used in 3rd party system for particular ID.

for e,g, If R/3 will be calling RFC and trying to access RFC adapter on XI, then the User on R/3 should have proper authorizations to call RFC.

Thats it.

Thus you need to check which authorization checks have added to call send the call to XI on that basis you need to assign the roles to user. These are application specific so no standard Roles avaialble for it.

thanks

Swarup

Former Member
‎02-18-2008 2:14 PM
0 Kudos

Hi Swarup,

that's a little bit confusing. When I try to access the URLs for Sender SOAP Adapter / Sender HTTP Adapter, I get in general a http code 401 = unauthorized. That would mean that I'll have to provide a valid user / pw to access these adapters. So I'd expect special roles therefore(?)

When I enter in popup for user / pw my own user, I can access these communication channels (as my own user has all roles).

BR

Holger

Ask a Question