Role Editing for Mobile
Applications 
Purpose
With this process
you can assign users authorizations for SAP MI.
Authorizations are assigned in the SAP MI according
to the SAP authorization concept. For more information, see 
Users and Roles
(BC-SEC-USR) and SAP Authorization
Concept.
Process Flow
...
1. You create roles with the required mobile applications or enhance existing roles to include the mobile applications.
2. You assign the following authorization objects to the created roles (see Creating a Single Role):
Authorization Objects
Authorization Object |
Field |
Value |
Description |
S_ME_SYNC |
ACTVT (Action) |
38 (Execute) |
Execution of synchronization, relevant for all users |
S_RFC |
ACTVT (Action) |
16 (Execute) |
RFC access to all function groups |
|
RFC_NAME (RFC object to be protected) |
RFC1 SDIFRUNTIME SYST SG00 SRFC SYSU |
For all individual users (Java Connector)
|
|
|
ME_USER
|
For all individual users (to change the synchronization password from the client) |
|
|
SUSO
|
For the service users (see Creating Service Users) (determination of relevant error message) |
|
|
BWAF_MOMO |
For administrators (use of the SAP MI Web Console) |
|
|
ME_CENTRAL_TRACING |
For administrators (tracing in the SAP MI Web Console) |
|
|
BWAF_INSTALLATION |
For administrators (installation data in the SAP MI Web Console) |
|
|
BWAF_MW |
For all individual users (synchronization) |
|
RFC_TYP (type of RFC object) |
FUGR (function group) |
|
S_TCODE |
TCD (transaction code) |
SMOMO |
For administrators (display of data in the SAP MI Web Console) |
|
|
MEREP* |
For administrators (transactions for Smart Synchronization) |
|
|
MI_MCD MCD |
For administrators and developers (display and edit Mobile Component Descriptors) |
S_MI_MGMT |
ACTVT (Action) |
* (for all values) 01 (Add, Create) 02 (Change) 03 (Display) 06 (Delete) 78 (Assign) |
For administrators (device administration and configuration) |
|
MI_GROUP |
Stored in table MEMGMT_AUTH_GRP, transaction MGMT_AUTHORITY |
For the definition of groups with different authorizations, for example, ADMIN and SUPPORT |
S_MI_CCMS |
ACTVT (Action) |
* |
For administrators (customizing of alerts and display of alerts in the Alert Monitor)
|
S_MI_ALERT |
ACTVT (Action) |
36 |
For administrators (customizing of alerts) |
S_DATASET |
ACTVT |
34 (Write) |
For administrators (storage of alerts on the server) |
3. You configure user-specific data filtering for the applications contained in the role by assigning the authorizations to the above roles that control user-specific data filtering (see Defining User-Specific Data Filtering). The documentation for the applications contains information about the authorizations that must be assigned here.
4. You assign the corresponding roles to the users . You can combine users into user groups.