A read-only role for SAP PO connection to production systems

An additional production RFC connection must be maintained to allow Int4 IFTT to connect to the production PO.
For this purpose, a new PO user should be created. This user should have only the following roles and actions assigned:

• SAP_XI_MONITOR_J2EE ( additionally, if Restrict access roles are used in Int4 IFTT, then the technical user also needs to have role XiMdt.ExtendedMonitor)

• SAP_XI_PCK_MONITOR - optionally, if you want to to read details of SAP PO objects and import them directly to Int4 Suite.

• SAP_XI_API_DISPLAY_J2EE

If ABAP stack PI needs to be accessed, the following role is also required :

• SAP_XI_MONITOR_ABAP

This set of roles will only allow creating test cases based on production messages. However, it will prevent users from sending messages to the production system once the test case is executed.
For information on how to block Int4 IFTT access to the payload of selected interfaces on the production system, e.g., due to sensitive message data, please view this page.