SAP MI uses the authorizations provided by SAP NetWeaver AS. The security recommendations and guidelines for authorizations described in the SAP NetWeaver Application Server Security Guide also apply, therefore, to SAP MI.
The authorization concept of the SAP NetWeaver AS is based on the assignment of authorizations to users on the basis of roles. Use the profile generator (transaction PFCG) for role maintenance on SAP NetWeaver AS ABAP and the user administration console from the User Management Engine on SAP NetWeaver AS Java.
Access to data and applications on the SAP MI Client Component is controlled by user-specific data filtering based on the SAP authorization concept. For more information, see Defining User-Specific Data Filtering.
You must create the following roles in the SAP MI Server Component:
? Role for the end user of the mobile application (see Creating Individual Users)
Technical role for all users that is used to assign synchronization authorization for the SAP MI Server Component. User-specific data filtering is also controlled by this role.
? Role for service users for anonymous synchronization (see Creating Service Users)
? Role for administrators in ABAP (see Creating Individual Users)
? Role for administrators of the SAP NetWeaver Mobile Administrator (see Setting Up Administrator Users)
? Role for administrators of Computing Center Management System
Once you have created the roles, you can edit them and assign the authorization objects to them. For more information about editing roles, see Role Editing.