Creating Service Users

Use

You require two service users:

?      One service user for synchronization

This service user is used to perform an anonymous synchronization. This is useful, for example, in the following situations:

0       To get the UTC time (when using a TIME_AGENT parameter set)

0       To generate error messages when errors occur during the synchronization process

0       To create setup packages using the Mobile Administrator

?      One service users for administration

This user is required for communication between the systems, for example, to display data in the Mobile Administrator.

Alternatively, you can also use an individual administrator user here. For security reasons, we recommend using a service user with limited authorizations and without a dialog authorization.

The service user for the administration is used to access systems using an RFC. For example, you would enter this service user in the following cases:

0       When deploying the jra for the Mobile Administrator (see Deploying the JRA for the Mobile Administrator)

0       When establishing the JCo-RFC connection (see Enabling Mobile Component Uploads)

0       When setting up the synchronization monitors (Activating Synchronization Monitors)

If you configured the MI usage type automatically using the template installer in the SAP NetWeaver Administrator, you do not have to create the service users for the administration.

Defining Roles for Service Users for the Synchronization Process

...

Check whether the role for the service user exists. If not, define one:

       1.      Create an authorization profile without a template and add the following authorization objects to it.

Authorization Objects for the Service User (Synchronization)

Authorization Object

Field

Value

S_ME_SYNC

ACTVT

38 (Synchronization)

S_RFC

ACTVT

16

RFC_NAME

SUSO (Detailed error message determination)

ME_USER (Synchronization)

BWAF_MW (Synchronization)

BWAF_MOMO (Synchronization)

SYST

SRFC

SG00

SDIFRUNTIME

RFC1

       2.      Generate the profile and save the role you created.

Defining Roles for Service Users for the Administration

Check whether the role for the service user exists. If not, define one:

...

       1.      Create an authorization profile without a template and add the following authorization objects to it.

Authorization Objects for the Service User (Administration)

Authorization Object

Field

Value

S_RFC

ACTVT

16

RFC_NAME

RFC1 (Java Connector)

SDIFRUNTIME (Java Connector)

SYST (Java Connector)

SG00 (Java Connector)

SRFC (Java Connector)

SYSU (Java Connector)

SUSO (Detailed error message determination)

MEMGMT* (Mobile Administrator)

MEREP_INSTTK_MPC (Creation of setup packages)

MEREP_JAVACLIENT (Uploading SyncBO definitions from the back-end system)

ME_CENTRAL_TRACING (Tracing)

BWAF_MW (Synchronization)

BWAF_MOMO (Synchronization)

BAPT

BWAF_INSTALLATION (Setup packages)

MI_PACKAGE_GEN (Setup packages)

ME_MON_SHLP (Monitors)

ME_QUEUE_MON (Monitors)

ME_TECH_MON (Monitors)

RFC2 (Monitors)

SDDO (Monitors)

S_TCODE

TCD

DEVICE_CONFIG (Device configuration)

SMOMO (Device removal)

S_MI_MGMT

ACTVT

*(Device administration and device configuration)

MI_GROUP

Stored in table MEMGMT_AUTH_GRP, transaction MGMT_AUTHORITY

(For the definition of groups with different authorizations, for example, ADMIN and SUPPORT)

S_USER_GRP

ACTVT

3 (Display user in Mobile Administrator)

       2.      Generate the profile and save the role you created.

Defining Service Users

...

       1.      Start transaction SU01 and create two service users (for example, MI_SERVICEADMIN and MI_SERVICESYNC).

For the password, only use the characters contained in the ISO 8859-1 character set.

       2.      Assign each of the users with one of the roles created.

See also:

Role Editing

Creating Individual Users