Creating Service Users
Use
You require two service users:
● One service user for synchronization
This service user is used to perform an anonymous synchronization. This is useful, for example, in the following situations:
○ To get the UTC time (when using a TIME_AGENT parameter set)
○ To generate error messages when errors occur during the synchronization process
○ To create setup packages using the Mobile Administrator
● One service users for administration
This user is required for communication between the systems, for example, to display data in the Mobile Administrator.
Alternatively, you can also use an individual administrator user here. For security reasons, we recommend using a service user with limited authorizations and without a dialog authorization.
The service user for the administration is used to access systems using an RFC. For example, you would enter this service user in the following cases:
○ When deploying the JRA for the Mobile Administrator (see Deploying the JRA for the Mobile Administrator)
○ When establishing the JCo-RFC connection (see Enabling Mobile Component Uploads)
○ When setting up the synchronization monitors (see Activating Synchronization Monitors)
If you configured the MI usage type automatically using the template installer in the SAP NetWeaver Administrator, you do not have to create the service users for the administration.
Defining Roles for Service Users for the Synchronization Process
...
Check whether the role for the service user exists. If not, define one:
1. Create an authorization profile without a template and add the following authorization objects to it.
Authorization Objects for the Service User (Synchronization)
Authorization Object |
Field |
Value |
S_ME_SYNC |
ACTVT |
38 (Synchronization) |
S_RFC |
ACTVT |
16 |
|
RFC_NAME |
SUSO (Detailed error message determination) ME_USER (Synchronization) BWAF_MW (Synchronization) BWAF_MOMO (Synchronization) SYST SRFC SG00 SDIFRUNTIME RFC1 |
2. Generate the profile and save the role you created.
Defining Roles for Service Users for the Administration
Check whether the role for the service user exists. If not, define one:
...
1. Create an authorization profile without a template and add the following authorization objects to it.
Authorization Objects for the Service User (Administration)
Authorization Object |
Field |
Value |
S_RFC |
ACTVT |
16 |
|
RFC_NAME |
RFC1 (Java Connector) SDIFRUNTIME (Java Connector) SYST (Java Connector) SG00 (Java Connector) SRFC (Java Connector) SYSU (Java Connector) SUSO (Detailed error message determination) MEMGMT* (Mobile Administrator) MEREP_INSTTK_MPC (Creation of setup packages) MEREP_JAVACLIENT (Uploading SyncBO definitions from the back-end system) ME_CENTRAL_TRACING (Tracing) ME_CONFIG_INFO (Monitoring) BWAF_MW (Synchronization) BWAF_MOMO (Synchronization) BAPT BWAF_INSTALLATION (Setup packages) MI_PACKAGE_GEN (Setup packages) ME_MON_SHLP (Monitors) ME_QUEUE_MON (Monitors) ME_TECH_MON (Monitors) ME_REPLIC_MON (Monitors) ME_RESOURCE_MON (Monitors) RFC2 (Monitors) SDDO (Monitors) ME_USER SU_USER |
S_TCODE |
TCD |
DEVICE_CONFIG (Device configuration) SMOMO (Device removal) |
S_MI_MGMT |
ACTVT |
*(Device administration and device configuration) |
|
MI_GROUP |
Stored in table MEMGMT_AUTH_GRP, transaction MGMT_AUTHORITY (For the definition of groups with different authorizations, for example, ADMIN and SUPPORT) |
S_USER_GRP |
ACTVT |
3 (Display user in Mobile Administrator) |
2. Generate the profile and save the role you created.
Defining Service Users
...
1. Start transaction SU01 and create two service users (for example, MI_SERVICEADMIN and MI_SERVICESYNC).
For the password, only use the characters contained in the ISO 8859-1 character set.
2. Assign each of the users with one of the roles created.
See also: