Dialog Users
Dialog Users
Dialog users represent human users (as opposed to service users), who log on through the various UIs of the Enterprise Services Builder, Integration Builder, System Landscape Directory, and Runtime Workbench. Dialog users are maintained in SAP NetWeaver usage type Application Server ABAP. A session-based single sign-on is supported.
The roles for the different dialog users displayed in the following table are predefined and shipped. Each role includes at least display authorizations for all PI components.
Dialog User Roles in a PI Landscape
Dialog User Role |
Description |
SAP_XI_DISPLAY_USER |
Read-only access to Integration Directory and Enterprise Services Repository |
SAP_XI_SUPPORT |
Read-only access to Integration Directory and Enterprise Services Repository, and to specific administration pages (as outlined below) of the Integration Server’s AS Java. This role is required for SAP support using Solution Manager Diagnostics (SMD). |
SAP_XI_DEVELOPER |
Design and development of integration processes |
SAP_XI_CONFIGURATOR |
Configuration of business integration content |
SAP_XI_CONTENT_ORGANIZER |
Maintenance of System Landscape Directory content |
SAP_XI_MONITOR |
Monitoring of PI components and messages |
SAP_XI_MONITOR_ENHANCED |
Monitoring of PI components and messages; as well as message editing |
SAP_XI_ADMINISTRATOR |
Technical configuration and administration of PI |
For further details on these roles, call the Role Maintenance transaction (PFCG).
Each role is a composite role consisting of an ABAP role (with suffix _ABAP) and a Java role (with suffix _J2EE). The ABAP role is only relevant when the dialog user executes an ABAP application. The Java role is relevant for Java applications such as the Enterprise Services Repository or the Integration Directory.
The roles are propagated to user groups of the User Management Engine (UME), which are then assigned to security roles for Java applications by using the SAP NetWeaver Administrator (Operations Management → User and Access Management → Identity Management).
For information on how to enable more detailed authorization concepts for the Enterprise Services Repository, the Integration Directory, or in message monitoring, refer to Further Security Tasks and Topics.
All these roles are security-relevant and should be given to dialog users only in a restricted form.
More information
about roles for the Services Registry:
Authorizations
Administration Pages with Read-Access Relevant to Role SAP_XI_SUPPORT
Name in SMD |
URL on AS Java |
Exchange Profile |
http://<host:port>/webdynpro/dispatcher/sap.com/com.sap.xi.exprofui/XIProfileApp |
Admin |
http://<host:port>/rep/support/admin/index.html |
Aii-Properties |
http://<host:port>/rep/support/public/ViewProperties.jsp |
Lock Overview |
http://<host:port>/rep/support/public/LockAdminService |
Cache Overview |
http://<host:port>/rep/support/public/ViewCaches |
Java Web Start Admin |
http://<host:port>/rep/support/admin/status.html |
General |
http://<host:port>/rep/support/info.jsp |
The Partner Connectivity Kit (PCK) offers different security roles that are deployed during the installation of the PCK together with the corresponding Java components and that are assigned to the user PCKUSER created during installation. The following table summarizes the security roles in the PCK.
Security Roles in the PCK
Security Role |
Description |
Administer |
Java component sap.com/com.sap.xi.pck*aii_ib_sbeans.jar With this role, you can access the configuration interface. |
Display |
Java component sap.com/com.sap.xi.mdt*mdt With this role, you can view messages in the message monitor. |
Modify |
Java component sap.com/com.sap.xi.mdt*mdt With this role, you can modify messages in the message monitor. |
Payload |
Java component sap.com/com.sap.xi.mdt*mdt With this role, you can view message payloads in the message monitor. |
xi_af_adapter_monitor |
Java component sap.com/com.sap.aii.af.app*AdapterFramework With this role, you can view the state of individual adapters. |
Support |
Java component sap.com/com.sap.xi.pck*pck With this role, you can access the PCK Administration from the PCK start page for maintaining PCK configuration parameters. |
If several users are to work with the PCK, create different users for them and assign each user to the specific role required.