Web Services uses the authorization concept provided by SAP NetWeaver. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver AS Security Guide ABAP also apply to Web services.
The SAP NetWeaver authorization concept is based on assigning authorizations to users based on roles. For role maintenance, use the profile generator (transaction PFCG) when using ABAP technology.
The following table provides information about the standard roles for Web services in AS ABAP:

| Role | Description |
|---|---|
| SAP_BC_WEBSERVICE_SERVICE_USER | Role for background users of the Web service runtime |
| SAP_BC_WEBSERVICE_ADMIN_TEC | Role for technical administrator of Web services: Monitoring of sequences, messages, logging, tracing, bgRFC, process integration; Monitoring of payload for component SAP_BASIS; Administration of tracing and logging, bgRFC, RFC; Definition, execution, and publication of Web services; Administration of the Internet Communication Framework; Administration of the RFC destination; Administration of the Task Watcher |
| SAP_BC_WEBSERVICE_ADMIN_BIZ | Role for the business administrator |
| SAP_BC_WEBSERVICE_CONSUMER | Web service user |
| SAP_BC_WEBSERVICE_OBSERVER | User role for viewing all information on Web services |
| SAP_BC_WEBSERVICE_DEBUGGER | Role with debugging authorization |
| SAP_BC_WEBSERVICE_ADMIN | Administration authorizations for Web Services in AS ABAP; while out of date, it is still valid |

For information about creating roles, see Role Management.
For more information about roles and authorization objects for SOA Manager (transaction SOAMANAGER), see Roles and Authorizations.