Authorizations 
Web Services uses the authorization concept provided by SAP NetWeaver. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver AS Security Guide ABAP also apply to Web Services.
The SAP NetWeaver authorization concept is based on assigning authorizations to users based on roles. Use the profile generator (transaction PFCG) for role maintenance for the ABAP technology.
Standard Roles in AS ABAP:
Role |
Description |
|---|---|
SAP_BC_WEBSERVICE_SERVICE_USER |
Role for background users of the Web service runtime |
SAP_BC_WEBSERVICE_ADMIN_TEC |
Role for technical administrator of Web services Monitoring of sequences, messages, logging, tracing, bgRFC, process integration Monitoring of payload for component SAP_BASIS Administration of tracing and logging, bgRFC, RFC Definition, execution, and publication of Web services Administration of the Internet Communication Framework Administration of the RFC destination Administration of the Task Watcher and the Event Handler |
SAP_BC_WEBSERVICE_ADMIN_BIZ |
Role for the Business Administrator |
SAP_BC_WEBSERVICE_CONSUMER |
Web Service user |
SAP_BC_WEBSERVICE_OBSERVER |
User role for viewing all information on Web Services |
SAP_BC_WEBSERVICE_DEBUGGER |
Role with debugging authorization |
SAP_BC_WEBSERVICE_ADMIN |
Administration authorizations for Web Services in AS ABAP, out of date, but still valid |
To assign authorizations for special Web services, proceed as follows:
In the role maintenance transaction (transaction PFCG), enter the name of a role, and then choose Change.
Under the Menu tab, choose the Other pushbutton.
Choose the radio button Authorization Defaults for Services.
Enter a name for the service. In the Ext.Service Type field, choose the value WS , and in the Service field, enter the required Web service.
Save your entries.
For more information, refer to: Role Administration