
Authorizations

Web Services uses the authorization concept provided by SAP NetWeaver. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver AS Security Guide Java also apply to Web Services.

The SAP NetWeaver authorization concept is based on assigning authorizations to users based on roles. Use the profile generator (transaction PFCG) for role maintenance for the ABAP technology.

Standard Roles in AS ABAP:

| Role | Description |
|---|---|
| SAP_BC_WEBSERVICE_SERVICE_USER | Role for background users of the Web service runtime |
| SAP_BC_WEBSERVICE_ADMIN_TEC | Role for technical administrator of Web services: monitoring of sequences, messages, logging, tracing, bgRFC, process integration; monitoring of payload for component SAP_BASIS; administration of tracing and logging, bgRFC, RFC; definition, execution, and publication of Web services; administration of the Internet Communication Framework; administration of the RFC destination; administration of the Task Watcher and the Event Handler |
| SAP_BC_WEBSERVICE_ADMIN_BIZ | Role for the business administrator |
| SAP_BC_WEBSERVICE_CONSUMER | Users of a Web service |
| SAP_BC_WEBSERVICE_OBSERVER | User role for viewing all information on Web Services |
| SAP_BC_WEBSERVICE_DEBUGGER | Role with debugging authorization |
| SAP_BC_WEBSERVICE_ADMIN | Administration authorization for Web Services in AS ABAP – old version, but still valid |

To assign such authorizations for special Web services, proceed as follows:

1. In the role maintenance transaction (transaction PFCG), enter the name of a role, and then choose Change.
2. Under the Menu tab, choose Other.
3. Choose the radio button Authorization Defaults for Services.
4. Enter a name for the service. In the Type of Ext.Service field, choose the WS value. In the Service field, choose the required Web service.
5. Save your entries.

For more information, refer to Role Administration.