Authorizations 
Web Services uses the authorization concept provided by SAP NetWeaver. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver AS Security Guide ABAP and the SAP NetWeaver AS Security Guide Java also apply to Web Services.
The SAP NetWeaver authorization concept assigns authorizations to users through roles. To maintain roles, use the profile generator (transaction PFCG) with ABAP technology and the User Management Engine’s user administration console with Java.
Standard Roles for Web Services in the AS ABAP
More information: Authorizations
Roles for the SAP UDDI Server
Role | Description |
UDDI_Admin | Role for UDDI administration. Can create all objects in the UDDI and has access to all data of other users. |
UDDI_TierN | Can create all objects in the UDDI server without restrictions. No access to data of other users. |
UDDI_Tier1 | Can create one business entity, four business services and one hundred tModels. No access to data of other users. |
Roles for the Services Registry
Role | Description |
SERVICES_REGISTRY_READ_ONLY | Can call Read APIs. |
SERVICES_REGISTRY_READ_WRITE | Can call Read and Write APIs. |
Roles for the Enterprise Services Repository and Enhanced Service-Based Integration
To implement service-based integration, you use the Integration Broker as a broker between the Web service consumer and the service provider.
More information: User Authorizations in Repository and Directory