Dialog Users (Dual-Stack)

Use

Each dialog user role has authorizations for multiple components of SAP NetWeaver usage type PI. The roles contain task-specific authorizations and they all contain at least display authorizations in all PI components. They are described in more detail in the following.

The user PISUPER is available as standard dialog user. It provides access to all components of SAP PI.

The following dialog user roles are provided:

  • SAP_XI_DISPLAY_USER

    The display user is able to display the entire content of the Enterprise Services Repository, the Integration Directory, the System Landscape Directory (SLD), the Integration Engine/Server, and so on.

  • SAP_XI_SUPPORT

    The support role provides all display rights of SAP_XI_DISPLAY_USER plus additional read-only access rights to specific AS Java administration pages on the Integration Server.

    This role is required for SAP support using Solution Manager Diagnostics (SMD).

  • SAP_XI_DEVELOPER

    The developer is responsible for all activities within PI that affect the design and development of integration processes.

    In particular, this means the design of scenarios, interfaces, and mappings in the Enterprise Services Repository. The tasks of a PI developer also include generating proxies (ABAP and Java) and implementing them in the associated business systems.

  • SAP_XI_CONFIGURATOR

    The configurator is responsible for all activities within PI that affect the configuration of integration processes (integration content).

    In particular, this means

    • The settings for logical routing, mapping, and technical routing in the Integration Directory

    • The maintenance of the SLD

    • The maintenance of the configuration data for the IDoc adapter (metadata on the ABAP side)

    • The configuration settings of the Adapter Engine

  • SAP_XI_CONTENT_ORGANIZER

    The content organizer is responsible for activities within PI that affect the organization and structuring of the contents of the SLD. More precisely, this means maintaining and importing software components in the SLD.

    These are tasks that are usually not performed by a developer or a configurator.

  • SAP_XI_MONITOR

    The monitor is responsible for all activities within PI that affect monitoring.

    In particular, this means

    • Monitoring XML message processing and message throughput

    • Troubleshooting and status tracking of XML messages

    • Monitoring the processed IDocs and RFCs in the corresponding adapters (on the ABAP side)

    • Monitoring the messages sent or received by the Marketplace adapter

    By using the authorization object S_XMB_MONI, you can grant authorizations for monitoring depending on party, communication component, and interface. For more information, refer to the documentation for this authorization object.

  • SAP_XI_MONITOR_ENHANCED

    In addition to the activities of SAP_XI_MONITOR, this role enables you to edit the payload of a message.

  • SAP_XI_ADMINISTRATOR

    The administrator is responsible for all activities that affect the technical configuration and administration of the individual PI components.

    The administrator is also responsible for maintaining the data in the exchange profile.

  • SAP_SLD_ADMINISTRATOR

    The SLD administrator is responsible for all activities that affect the administration of the SLD.

  • SAP_SLD_CONFIGURATOR

    The SLD configurator is responsible for all activities that affect the configuration of the SLD.

There are additional roles available as listed below:

  • SAP_XI_CONFIGURATOR_EXT_J2EE

  • SAP_BC_ALM_ADMIN

  • SAP_BC_ALM_ALERT_USER

  • SAP_BC_ALM_CUST

  • SAP_XI_BPE_ADMINISTRATOR_ABAP

  • SAP_XI_BPE_CONFIGURATOR_ABAP

  • SAP_XI_BPE_MONITOR_ABAP

  • SAP_BC_AI_LANDSCAPE_DB_RFC

  • SAP_BC_BASIS_MONITORING

  • SAP_BC_BASIS_ADMIN

  • SAP_NWA_FULL

  • SAP_BC_WEBSERVICE_PI_CFG_SRV

For more information, choose transaction PFCG on your AS ABAP host, select the role and check out the role description.

In addition to that, the standard dialog user J2EE_GUEST is available (assigned role SAP_J2EE_GUEST).

The user J2EE_ADMIN is another standard dialog user for administration purposes.

Assigned roles:

  • SAP_BC_WEBSERVICE_ADMIN

  • SAP_J2EE_ADMIN

  • SAP_SLD_ADMINISTRATOR

The users entered in AS ABAP are automatically available in AS Java for logging on to the Enterprise Services Builder, Integration Builder, SLD, Runtime Workbench, and Marketplace adapter. This means that user authentication takes place In AS ABAP.

After installing AS ABAP, the roles are also automatically available in AS Java. Here they appear in the form of User Groups on the administration user interface. The authorizations required for the Java components (security roles) are assigned during deployment.