In a PI landscape, the Runtime Workbench (RWB) is used for monitoring messages within this landscape.
In addition, the J2EE-based messaging components (Adapter Engines, PCK) offer possibilities for generating trace files.
XI messages stored in the persistence layer of an Adapter Engine can be observed in the Adapter Engine’s monitoring tool, which can be accessed from the PI start page. In an ordinary PI landscape, monitoring is performed by the message display tool of the RWB; in a PCK environment, it is performed by the local message display tool.
In both tools, you can restrict the monitoring permissions by three security roles called Display, Modify, and Payload. Just like with the Integration Engine monitoring, the Display role allows only message header monitoring, whereas the Payload role also allows payload monitoring.
In the RWB, the corresponding security role must be assigned to the corresponding user groups in the Security Provider service of the Visual Administrator for component sap.com/com.sap.xi.rwb*rwb_mdt.
In all monitored Adapter Engines (and also in the PCK), component sap.com/com.sap.xi.mdt*mdt is assigned to the corresponding security roles.
If you want to specify the display permission for an RWB user, the easiest way is to either assign the corresponding ABAP role SAP_XI_MONITOR_USER_J2EE (for all monitoring permissions) or SAP_XI_DISPLAY_USER_J2EE (for header monitoring only) to this user in ABAP user management, or define a new ABAP role that contains no J2EE monitoring role.
Besides being monitored, message payloads can also be traced in Adapter Engines or PCKs, depending on the trace configuration in the corresponding Visual Administrator. As each message execution in the Adapter Engine or PCK includes a generic messaging service and an adapter-specific service, each message can be traced by both services.
You configure the tracing of the PI service by setting location com.sap.aii.af.ra.ms to trace level DEBUG in the Log Configurator service of the Visual Administrator. Correspondingly, you configure the tracing for the adapter-specific services under the node com.sap.aii.adapter.
To avoid unauthorized tracing here, make sure that only a very restricted number of administrators have permission to use the Visual Administrator or to access the J2EE Engine’s file system where the trace files are stored.