Dialog Users

Each dialog user role has authorizations for multiple components of SAP NetWeaver usage type PI. The roles contain task-specific authorizations and they all contain at least display authorizations in all PI components. They are described in more detail in the following.

The following dialog user roles are provided:

·        SAP_XI_DISPLAY_USER

The display user is able to display the entire content of the Integration Repository and Directory, the System Landscape Directory (SLD), the Integration Engine/Server, and so on.

·        SAP_XI_SUPPORT

The support role provides all display rights of SAP_XI_DISPLAY_USER plus additional read-only access rights to specific administration pages of the Integration Server’s J2EE engine.

This role is required for SAP support using Solution Manager Diagnostics (SMD).

·        SAP_XI_DEVELOPER

The developer is responsible for all activities within PI that affect the design and development of integration processes.

In particular, this means the design of scenarios, interfaces, and mappings in the Integration Repository using the Integration Builder. The tasks of a PI developer also include generating proxies (ABAP and Java) and implementing them in the associated business systems.

·        SAP_XI_CONFIGURATOR

The configurator is responsible for all activities within PI that affect the configuration of integration processes (integration content).

In particular, this means

0     The settings for logical routing, mapping, and technical routing in the Integration Directory

0     The maintenance of the SLD

0     The maintenance of the configuration data for the IDoc adapter (metadata on the ABAP side)

0     The configuration settings of the Adapter Engine

·        SAP_XI_CONTENT_ORGANIZER

The content organizer is responsible for activities within PI that affect the organization and structuring of the contents of the SLD. More precisely, this means maintaining and importing software components in the SLD.

These are tasks that are usually not performed by a developer or a configurator.

·        SAP_XI_MONITOR

The monitor is responsible for all activities within PI that affect monitoring.

In particular, this means

0     Monitoring XML message processing and message throughput

0     Troubleshooting and status tracking of XML messages

0     Monitoring the processed IDocs and RFCs in the corresponding adapters (on the ABAP side)

0     Monitoring the messages sent or received by the Marketplace adapter

By using the authorization object S_XMB_MONI, you can grant authorizations for monitoring depending on partner, service, and interface. For more information, see the documentation for this authorization object.

·        SAP_XI_ADMINISTRATOR

The administrator is responsible for all activities within PI that affect the technical configuration and administration.

In particular, this means the settings for the Integration Engine/Server, the Integration Builder, the SLD, the Runtime Workbench, the IDoc adapter, and the Marketplace adapter.

The administrator is also responsible for maintaining the PI profile data in the exchange profile.

·        SAP_SLD_ADMINISTRATOR

The SLD administrator is responsible for all activities that affect the administration of the SLD.

·        SAP_SLD_CONFIGURATOR

The SLD configurator is responsible for all activities that affect the configuration of the SLD.

These roles are equipped with role menus, which are available and displayed as user menus on the initial SAP Easy Access screen.

Make sure that the authorization profiles of these roles have been generated (call transaction PFCG on your AS-ABAP host and choose Utilities ® Mass generation; enter SAP_XI*and select Generate automatically).
Also make sure that the user master records containing these roles have been compared (call transaction PFCG on your AS-ABAP host and choose Utilities
® Mass comparison; enter SAP_XI* and choose Execute).

The users entered in AS-ABAP are automatically available in AS-Java for logging on to the Integration Builder, SLD, Runtime Workbench, and Marketplace adapter. This means that user authentication takes place In AS-ABAP.

After installing AS-ABAP, the roles are also automatically available In AS-Java. Here they appear in the form of User Groups on the J2EE administration user interface. The authorizations required for the J2EE components (J2EE security roles) are assigned during deployment.