(3.10) Custom user role for SAP PO connection to production systems: access to specific interfaces only
- Marcin Galczynski
This tutorial provides instructions for preparing a custom role in the production SAP PO system to restrict access to the message content of a specific interface only.
This content is based on the SAP Note 1370334.
Step-by-Step Guide
Download this archive.
Extract the contents and unpack the file named "sap.com~com.sap.xi.mdt.actions.ump".
Unpack files from this archive and edit actions.xml file. Here is an example of the required structure:
This tutorial limit access to particular services. It is also possible to control access to interfaces, with additional details provided in SAP Note 1370334.
4. Replace the XYZ tag in the actions.xml with the service that should be accessible by this role. If more than one service is required, create separate actions for each service. Then all actions need to be assigned to the role by multiple occurrences of the ASSIGNEDACTION node in the ROLE node.
5. Save action.xml and update sap.com~com.sap.xi.mdt.actions.ump. Subsequently replace this archive in the main ear file.
6. Deploy sap.com~com.sap.xi.mdt.actions.ear to the PI server.
7. Go to the address http://<host>:<port>/nwa/sys-config
8. Go to the "Service" link.
9. Search for the 'config service' phrase.
10. Choose "XPI Service: All Config Service" then in the "Properties" bookmark, choose the "Add" button
11. Add a new property with this data:
Name: com.sap.aii.rwb.server.auth.UME
Value: true
12. After completing these steps, restart the PI Server
13. Go to the User Management link and create a new PI user with following roles:
SAP_XI_PCK_MONITOR
INT4
Related content
© 2017 - 2022 Int4 AG All rights reserved