
Some central service users are required for dialog-free communication between the central components of SAP NetWeaver usage type PI and between application systems and PI.
After the installation of usage type PI, the following service users already exist together with a password in the client of the Integration Server and in the exchange profile. They are retrieved from there by the Java components of PI when the system is started.
They service users are listed below together with the roles assigned to them.
Service users available after installation
|
Service User |
Description |
Assigned Role |
|---|---|---|
|
PILSADMIN |
User for the Change Management Server |
SAP_XI_CMS_SERV_USER |
|
PIREPUSER |
User for the Enterprise Services Repository |
SAP_XI_IR_SERV_USER_MAIN |
|
PIDIRUSER |
User for the Integration Directory |
SAP_XI_ID_SERV_USER_MAIN |
|
PILDUSER |
User for the System Landscape Directory (SLD) |
SAP_BC_AI_LANDSCAPE_DB_RFC |
|
PIAPPLUSER |
User for sender applications |
SAP_XI_APPL_SERV_USER |
|
PIRWBUSER |
User for the Runtime Workbench |
SAP_XI_RWB_SERV_USER_MAIN |
|
PIAFUSER |
User for the Advanced Adapter Engine |
SAP_XI_AF_SERV_USER_MAIN |
|
PIISUSER |
User for the Integration Server |
SAP_XI_IS_SERV_USER_MAIN |
|
PIPPUSER |
User for principal propagation |
SAP_XI_APPL_SERV_USER |
Passwords are specified for these users during installation. The names of the users as well as the password may be changed as required. Ensure, however, that they are always assigned the roles listed above.
The roles were created for each of the PI components, so that each component only needs this single service user.
Within PI, the roles provide you with all the authorizations required by the respective component for dialog-free access to the other components of PI. They are therefore also available on the Java side. To access the Java components, corresponding authorization assignments (security roles) on usage type AS Java are required. These are automatically performed when the Java components are deployed.
Description of the Service User Roles
The following service user roles are available:
SAP_XI_CMS_SERV_USER
Service user role for the Change Management Server (CMS).
Within PI, this role supplies all the authorizations required by the CMS for dialog-free access to the other components of PI, mainly the Enterprise Services Repository and Integration Directory.
SAP_XI_IR_SERV_USER_MAIN
Service user role for the Enterprise Services Repository.
Within PI, this role supplies all the authorizations required by the Enterprise Services Repository for dialog-free access to the other PI components.
SAP_XI_ID_SERV_USER_MAIN
Service user role for the Integration Directory.
Within PI, this role supplies all the authorizations required by the Integration Directory for dialog-free access to the other PI components.
SAP_BC_AI_LANDSCAPE_DB_RFC
Service user role for the SLD.
This role supplies all the authorizations required by the SLD for dialog-free access to the database of the SAP NetWeaver Application Server. This role is usually assigned to exactly one service user or communication user, which must be defined in the administration of the SLD for database consistency.
SAP_XI_APPL_SERV_USER
Service user role for application systems that are sender business systems.
This role supplies all the authorizations required by application systems (ABAP and Java) for dialog-free access to the components of PI.
SAP_XI_RWB_SERV_USER_MAIN
Service user role for the Runtime Workbench.
Within PI, this role supplies all the authorizations required by the Runtime Workbench for dialog-free access to the other components of PI.
SAP_XI_AF_SERV_USER_MAIN
Service user role for the Advanced Adapter Engine.
This role supplies all the authorizations required for communication between SLD, Integration Server, and Adapter Framework.
SAP_XI_IS_SERV_USER_MAIN
Service user role for the Integration Server.
This role supplies all PI-specific authorizations required by the Integration Server for dialog-free access to business systems based on SAP NetWeaver.
Service users that have to be created in business systems for this purpose generally need additional authorizations that are specific to the service to be accessed.