Access Controls Using Assigned Users

Use

For a sender communication component of type Business Component or Business System, you can now restrict access to the runtime environment to particular (service) users. An authorization check is run at runtime to ensure that messages that have the particular communication component entered as the sender in the message header can only be executed in the Advanced Adapter Engine by the specified users.

You specify the access control when you configure the corresponding (sender) Communication Component in the Integration Directory.

In addition, you can restrict the access control to a particular interface of the sender. You specify the authorized users in the configuration of the relevant integrated configuration, which contains the interface in the object key.

This function is intended specifically for configuring B2B scenarios. In such a scenario, you agree on a special user with an external business partner for communication using SAP Process Integration. Assign this user to all communication components that the external partner uses to send messages to your Advanced Adapter Engine. The external business partner must include this user when configuring their receiver channels (or when configuring their HTTP destinations).

Activities

Assigning Users to a Communication Component

To assign authorized users, in the editor Edit Communication Component, select the Assigned Users tab page. Add a new row for the user and enter the user name manually.

The user names are always treated as case-sensitive by the runtime components involved and are therefore always saved as capital letters.

Assigning Users to an Integrated Configuration

To specify authorized users for a particular interface of the sender, in the editor Edit Integrated Configuration, choose the Assigned Users tab page and insert the users line by line.

Example

A business-to-business process involves a travel agency and the airline Lufthansa. Both business partners agree that the runtime environment of the travel agency will only process messages from Lufthansa when they are sent by using the user USER_LH.

To achieve this, the integration expert who performs the configuration at the travel agency enters the user USER_LH for all sender components of the partner Lufthansa.

The integration expert at Lufthansa must then ensure that all messages that are sent to the travel agency are sent by using the user USER_LH. The integration expert usually makes this setting in the configuration of the receiver channels that are responsible for the outbound processing of the messages destined for the travel agency.

At runtime, a check is then performed at the travel agency to ensure that all messages for which Lufthansa sender components are entered in the message header were sent by using the user USER_LH. The user entered (for the corresponding communication component) is compared with the user with which the message arrives. The runtime of the travel agency will only process the message without errors if both users are identical.
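
The following sketch is an added illustration, not SAP code or an SAP API. It models the comparison described above for the Lufthansa example and adds an audit that lists partner sender components to which the agreed user was never assigned. The component names LH_Booking and LH_Ticketing, the user OTHER_USER, the rule that a component without assigned users is unrestricted, and the exact string comparison are assumptions made for the example.

```python
# Added illustration: hypothetical data model, not SAP's API or code.
from dataclasses import dataclass, field


@dataclass
class SenderComponent:
    party: str
    name: str
    assigned_users: set = field(default_factory=set)

    def assign(self, user: str) -> None:
        # The page states that user names are saved as capital letters.
        self.assigned_users.add(user.upper())


def is_authorized(component: SenderComponent, arriving_user: str) -> bool:
    """Compare the user the message arrived with against the assigned users."""
    if not component.assigned_users:
        # Assumption: a component without assigned users is not restricted.
        return True
    # Assumption: exact comparison against the stored upper-case names.
    return arriving_user in component.assigned_users


def missing_agreed_user(components, party: str, agreed_user: str) -> list:
    """Audit: the partner's sender components that lack the agreed user."""
    return [c.name for c in components
            if c.party == party and agreed_user.upper() not in c.assigned_users]


def build_example():
    # Constructed inventory: two Lufthansa sender components, one forgotten.
    booking = SenderComponent("Lufthansa", "LH_Booking")
    booking.assign("user_lh")
    ticketing = SenderComponent("Lufthansa", "LH_Ticketing")  # no user assigned
    return [booking, ticketing]


if __name__ == "__main__":
    components = build_example()
    booking, ticketing = components
    # Constructed messages: (sender component from header, arriving user).
    for comp, user in [(booking, "USER_LH"), (booking, "OTHER_USER"),
                       (ticketing, "OTHER_USER")]:
        verdict = "processed" if is_authorized(comp, user) else "rejected"
        print(f"{comp.name} sent as {user}: {verdict}")
    print("Missing USER_LH:", missing_agreed_user(components, "Lufthansa", "USER_LH"))
```

Under the stated assumption, the forgotten component accepts a message from any user, which is why the audit over all of the partner's sender components matters as much as the runtime comparison.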