
User Authorizations in Repository and Directory

In both the Enterprise Services Repository and the Integration Directory, you can define more detailed authorizations that restrict access to design and configuration objects.

In both tools, you define such authorizations by choosing Tools → User Roles from the menu bar. The authorization for this menu option is provided by role SAP_XI_ADMINISTRATOR_J2EE. This role should only be granted to a restricted number of administrators. To activate these more detailed authorizations, you must set exchange profile parameter com.sap.aii.ib.util.server.auth.activation to true.

The access authorizations themselves can be defined at the object-type level only (possibly restricted by a selection path). There you can specify each access action either individually as Create, Modify, or Delete for each object type, or as an overall access granting all three access actions.

The following table summarizes the object types that can be assigned to access actions:

| Tool | Selection Path | Object Types |
| --- | --- | --- |
| Repository | Software component version, Namespace | All repository object types including the software component version itself |
| Directory | Partner, Communication Component | partner, communication component, sender channel, receiver channel |
| Directory | Without selection path | configuration scenario, receiver determination, interface determination, sender agreement, receiver agreement |

When you activate the authorization, it is propagated as a user role to the associated User Management Engine (UME) with prefix XIRep. for an Enterprise Services Repository authorization and with prefix XIDir. for an Integration Directory authorization.

If you want to assign a specific authorization to a user, copy an appropriate composite role to a new composite role in ABAP role administration. Then assign the user to this new composite role and attach the specific authorization to the resulting UME group that corresponds to the new ABAP role.

Recommendation

Assign roles according to the least privilege principle, that is, define and assign only those roles that are explicitly needed by the designer or configurator, and nothing else.
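
A periodic review of these settings can be scripted. The following is an added example, not SAP code: it checks the activation parameter, the holders of SAP_XI_ADMINISTRATOR_J2EE, and users whose UME roles carry both the XIRep. and XIDir. prefixes. The key=value profile layout, the user,role CSV layout, the role name suffixes, the approved administrator list and the "both tools" review rule are assumptions made for illustration.

```python
import csv
import io

# Names taken from the page.
ACTIVATION_PARAM = "com.sap.aii.ib.util.server.auth.activation"
ADMIN_ROLE = "SAP_XI_ADMINISTRATOR_J2EE"
REP_PREFIX, DIR_PREFIX = "XIRep.", "XIDir."

# Constructed sample input; both layouts are assumptions, not SAP export formats.
SAMPLE_PROFILE = "com.sap.aii.ib.util.server.auth.activation=false\n"
SAMPLE_ASSIGNMENTS = """user,role
alice,SAP_XI_ADMINISTRATOR_J2EE
bob,SAP_XI_ADMINISTRATOR_J2EE
bob,XIRep.OrdersDesign
carol,XIDir.ChannelConfig
dave,XIRep.OrdersDesign
dave,XIDir.ChannelConfig
"""

def parse_profile(text):
    """Parse key=value lines into a dict, skipping blanks and # comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs

def review(profile_text, assignments_csv, approved_admins):
    """Return findings: inactive switch, unapproved admins, users with roles in both tools."""
    findings = []
    if parse_profile(profile_text).get(ACTIVATION_PARAM, "").lower() != "true":
        findings.append(f"{ACTIVATION_PARAM} is not true; detailed authorizations are not active")
    roles_by_user = {}
    for row in csv.DictReader(io.StringIO(assignments_csv)):
        roles_by_user.setdefault(row["user"].strip(), set()).add(row["role"].strip())
    for user, roles in sorted(roles_by_user.items()):
        if ADMIN_ROLE in roles and user not in approved_admins:
            findings.append(f"{user}: holds {ADMIN_ROLE} without being an approved administrator")
        # Assumed review policy: one person rarely needs both design and configuration roles.
        has_rep = any(r.startswith(REP_PREFIX) for r in roles)
        has_dir = any(r.startswith(DIR_PREFIX) for r in roles)
        if has_rep and has_dir:
            findings.append(f"{user}: holds both {REP_PREFIX}* and {DIR_PREFIX}* roles; confirm both are needed")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_PROFILE, SAMPLE_ASSIGNMENTS, approved_admins={"alice"}):
        print(finding)
```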

 
