Show TOC

Service UsersLocate this document in the navigation structure

Use

Some central service users are required for dialog-free communication between the central components of SAP NetWeaver usage type PI and between application systems and PI.

After the installation of usage type PI, the following service users already exist together with a password in the client of the Integration Server and in the exchange profile. They are retrieved from there by the Java components of PI when the system is started.

They service users are listed below together with the roles assigned to them.

Service users available after installation

Service User

Description

Assigned Role

PILSADMIN

User for the Change Management Server

SAP_XI_CMS_SERV_USER

PIREPUSER

User for the Enterprise Services Repository

SAP_XI_IR_SERV_USER_MAIN

PIDIRUSER

User for the Integration Directory

SAP_XI_ID_SERV_USER_MAIN

PILDUSER

User for the System Landscape Directory (SLD)

SAP_BC_AI_LANDSCAPE_DB_RFC

PIAPPLUSER

User for sender applications

SAP_XI_APPL_SERV_USER

PIRWBUSER

User for the Runtime Workbench

SAP_XI_RWB_SERV_USER_MAIN

PIAFUSER

User for the Advanced Adapter Engine

SAP_XI_AF_SERV_USER_MAIN

PIISUSER

User for the Integration Server

SAP_XI_IS_SERV_USER_MAIN

PIPPUSER

User for principal propagation

SAP_XI_APPL_SERV_USER

Note

Passwords are specified for these users during installation. The names of the users as well as the password may be changed as required. Ensure, however, that they are always assigned the roles listed above.

The roles were created for each of the PI components, so that each component only needs this single service user.

Within PI, the roles provide you with all the authorizations required by the respective component for dialog-free access to the other components of PI. They are therefore also available on the Java side. To access the Java components, corresponding authorization assignments (security roles) on usage type AS Java are required. These are automatically performed when the Java components are deployed.

Description of the Service User Roles

The following service user roles are available:

  • SAP_XI_CMS_SERV_USER

    Service user role for the Change Management Server (CMS).

    Within PI, this role supplies all the authorizations required by the CMS for dialog-free access to the other components of PI, mainly the Enterprise Services Repository and Integration Directory.

  • SAP_XI_IR_SERV_USER_MAIN

    Service user role for the Enterprise Services Repository.

    Within PI, this role supplies all the authorizations required by the Enterprise Services Repository for dialog-free access to the other PI components.

  • SAP_XI_ID_SERV_USER_MAIN

    Service user role for the Integration Directory.

    Within PI, this role supplies all the authorizations required by the Integration Directory for dialog-free access to the other PI components.

  • SAP_BC_AI_LANDSCAPE_DB_RFC

    Service user role for the SLD.

    This role supplies all the authorizations required by the SLD for dialog-free access to the database of the SAP NetWeaver Application Server. This role is usually assigned to exactly one service user or communication user, which must be defined in the administration of the SLD for database consistency.

  • SAP_XI_APPL_SERV_USER

    Service user role for application systems that are sender business systems.

    This role supplies all the authorizations required by application systems (ABAP and Java) for dialog-free access to the components of PI.

  • SAP_XI_RWB_SERV_USER_MAIN

    Service user role for the Runtime Workbench.

    Within PI, this role supplies all the authorizations required by the Runtime Workbench for dialog-free access to the other components of PI.

  • SAP_XI_AF_SERV_USER_MAIN

    Service user role for the Advanced Adapter Engine.

    This role supplies all the authorizations required for communication between SLD, Integration Server, and Adapter Framework.

  • SAP_XI_IS_SERV_USER_MAIN

    Service user role for the Integration Server.

    This role supplies all PI-specific authorizations required by the Integration Server for dialog-free access to business systems based on SAP NetWeaver.

    Service users that have to be created in business systems for this purpose generally need additional authorizations that are specific to the service to be accessed.