This tutorial gives you information on preparing a custom role for the production SAP PO system to restrict access to the message content of a specific interface only.
We created this page based on the information from Michal Krawczyk's blog and SAP Note 1370334.
...
This tutorial limit access to particular services. It is also possible to control access to interfaces, and the details are presented in SAP Note 1370334.
4. Replace in the action.xml XYZ tag and put the service that should be accessible by this role. If there is a need for more than service, you need to create separate actions. Then all actions need to be assigned to the role by multiple occurrences of the ASSIGNEDACTION node in the ROLE node.5.
5. Save action.xml and update sap.com~com.sap.xi.mdt.actions.ump. Subsequently replace this archive in the main ear file.
...
9. Search for the 'config service' phrase.
10. Choose "XPI Service: All Config Service" then in the "Properties" bookmark, choose the "Add" button
11. Add a new property with this data:
Name: com.sap.aii.rwb.server.auth.UME
Value: true
...
13. Go to the user management bookmark and create a new PI user with these roles:
SAP_XI_PCK_MONITOR
INT4
