Documentation for PI ABAP roles
Hi all,
is there a general documentation for the PI ABAP roles? I assume something like that:
- User should access J2EE Adapter Engines / SOAP Adapter (used for sending a Webservice to PI from a 3rd Party Application) --> necessary role abc
- User should be able to process Alerts in Alert Inbox --> necessary role def
- User should be able to create repository objects --> necessary role ghi
- User should be able to create scenario objects in intergration directory --> necessary role jkl
What I still don't know which ABAP role is used for which purpose. We'd like to assign minimal roles to the users.
BR
Holger
Hi,
Check in this link:
http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
For alerts refer this:
The following predefined user roles are available for customizing and administration:
SAP_BC_ALM_CUST for customizing authorization.
SAP_BC_ALM_ADMIN for administration authorization. The administrator has the authorization for all activities. He or she can also read and confirm alerts for other users. In addition, the administrator can execute report RSALRTPROC to delete, escalate, and deliver alerts as well as to delete logs.
For the sending of alerts via external communication methods (e-mail, sms, fax) and for inbound processing, an RFC user has to be created on the central alert server with the role SAP_BC_ALM_ALERT_USER. The authorization objects contained in this role are S_OC_SEND and S_RFC.
Accessing alert inbox the userid has to have the role SAP_XI_MONITOR.
SAP_ALM_ADMINISTRATOR - Alert Management Administrator Give this rights
Refer the SAP_XI_ADMI topic and see the roles.
http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
Refer link for user roles: http://help.sap.com/saphelp_nw2004s/helpdata/en/74/03b140ade49c2ae10000000a155106/content.htm
Roles needed for IR and ID:
Role: SAP_XI_Developer
SAP_XI_DEVELOPER (Composite)
SAP_SLD_DEVELOPER
SAP_XI_DEMOAPP
SAP_XI_DEVELOPER_ABAP
SAP_XI_DEVELOPER_J2EE
Role: SAP_XI_Configurator
SAP_XI_CONFIGURATOR (Composite)
SAP_SLD_CONFIGURATOR
SAP_XI_BPE_CONFIGURATOR_ABAP
SAP_XI_CONFIGURATOR_ABAP
SAP_XI_CONFIGURATOR_J2EE
SAP_XI_DEMOAPP
Regards,
Nithiyanandam
Edited by: Nithiyanandam A.U. on Feb 18, 2008 2:31 PM
Similar Messages
-
List of all objects authorized for standard abap role
Hi all,
Can any body help me to get " List of all objects authorized for standard abap role "
And List of all objects authorized for "admin role".
Thanks
BasuSee the database security guide http://docs.oracle.com/cd/B28359_01/network.111/b28531/authorization.htm#BABFHBFH
Finding Information About User Privileges and Roles
This section discusses the system views that have the grant information.
The tricky part of this is that because roles can be granted to other roles the data is hierarchical.
So start with the grants made to the FDIREADR role. So referring to the doc above;
select * from role_role_privs where role = 'FDIREADR'will list the roles granted to your role.
You will want to look at ROLE_ROLE_PRIVS, ROLE_TAB_PRIVS and ROLE_SYS_PRIVS.
I suggest you walk thru the views manually to see how the information is related. Then write a test script that queries the views for you. -
Documentation for Upgrading the Roles/Authorisatiosn
Hi,
I have upgraded my BW 3.5 system to BW 7.0(NW2004 to NW2004s Upgrade)
Please let me know the link where i can get the documentation for the following activities
1. Generatin of Roles/Authorisation --The document which tell me teh step by step activites of changing the authorisations for the new System
2. Converting the objects in Bw 3.5 to 7.0 --Like changing the Infocubes, infoobjects to Version 7.0Hi,
Check in this link:
http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
For alerts refer this:
The following predefined user roles are available for customizing and administration:
SAP_BC_ALM_CUST for customizing authorization.
SAP_BC_ALM_ADMIN for administration authorization. The administrator has the authorization for all activities. He or she can also read and confirm alerts for other users. In addition, the administrator can execute report RSALRTPROC to delete, escalate, and deliver alerts as well as to delete logs.
For the sending of alerts via external communication methods (e-mail, sms, fax) and for inbound processing, an RFC user has to be created on the central alert server with the role SAP_BC_ALM_ALERT_USER. The authorization objects contained in this role are S_OC_SEND and S_RFC.
Accessing alert inbox the userid has to have the role SAP_XI_MONITOR.
SAP_ALM_ADMINISTRATOR - Alert Management Administrator Give this rights
Refer the SAP_XI_ADMI topic and see the roles.
http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
Refer link for user roles: http://help.sap.com/saphelp_nw2004s/helpdata/en/74/03b140ade49c2ae10000000a155106/content.htm
Roles needed for IR and ID:
Role: SAP_XI_Developer
SAP_XI_DEVELOPER (Composite)
SAP_SLD_DEVELOPER
SAP_XI_DEMOAPP
SAP_XI_DEVELOPER_ABAP
SAP_XI_DEVELOPER_J2EE
Role: SAP_XI_Configurator
SAP_XI_CONFIGURATOR (Composite)
SAP_SLD_CONFIGURATOR
SAP_XI_BPE_CONFIGURATOR_ABAP
SAP_XI_CONFIGURATOR_ABAP
SAP_XI_CONFIGURATOR_J2EE
SAP_XI_DEMOAPP
Regards,
Nithiyanandam
Edited by: Nithiyanandam A.U. on Feb 18, 2008 2:31 PM -
Most important documentations for desktop support role.
I'd suggest that amongst many others, you need a network map, indicating how your landscape is put together. It's also worth having a patching diagram in each rack / cabinet for that location.You need to have full details on each server; especially all physical servers. It's worth detailing what services, applications, roles each server (including VMs) are hosting; along with information on any specific configuration requirements. Think of what you would need if you had to rebuild that server completely from scratch.I used to have a number of work check lists; things that would be required when performing certain tasks. These would detail the steps involved, what would be required to perform a check, and highlight any specific requirements or warnings (e.g. don't re-boot unless serviceY has been stopped first as otherwise it might take...
Hi guys!
I have joined a company newly and also just starting my career. My company barely has documentation for tasks and troubleshooting issues and i have been working on creating them lately. I would like to know what are the best and most required documentations for a desktop support or IT support role. e.g New system installations, Configuration documents for basic tasks,.....e.t.c.
Please share your knowledge.....
This topic first appeared in the Spiceworks Community -
Dear Friends,
I want to learn HR-ABAP,so i need technical material could any one send to me ,
Thank you .Hi Sikindar,
Client has given confirmation form, applointment form...............like that.
For that forms i want to prepare functional specification.
Pls let me know.
Thanks and Regards,
Revathi. -
Role Mapping For Portal Role Assignment and ABAP Role Assignment
Summary:
- Under the GRC configuration of Roles> Role Mapping we are trying to utilize the role mapping feature in GRC for associating a dependent role to a main role.
- We want to use this role mapping feature for the purposes of adding an Enterprise Portal role for every ABAP role that gets approved for the user in an ABAP component system (i.e. ECC, BW, CRM etc). We will have a 1:1 mapping of Enterprise Portal role to ABAP role defined in the role mapping section in GRC.
- We want to set up the workflow in such a way that the main role (ABAP role) is the only role that needs to be approved. The dependent role (Enterprise Portal role) should be added or not added based on the approval or denial of the main role (ABAP role). In other words if the role owner for the abap role approves the abap role, then both the abap and EP role will be provisioned by GRC and if the role owner rejects/denies the role, then neither the abap or EP role will be provisioned by GRC.
Problem Description:
Our Scenarios we tested:
Scenario 1:
Main Role: Attached to Initiator A & workflow A (routes to single approver based on role)
Dependent Role: Attached to Initiator B & workflow B (routes to auto approval or no approval)
*Problem with the Scenario 1setup above, the dependent role will always get approved & provisioned regardless of the approval or denial of the main role.
Scenario 2:
Main Role: Attached to Initiator A & workflow A (routes to single approver based on role)
Dependent Role: Attached to Initiator A & workflow A(routes to single approver (same as main approver) based on role)
*Problem with the Scenario 2 setup above, the dependent role will always also need to get approved by the same approver as main role and it opens the possibility that the approver may accidently approve the main role and deny the dependent role, which is not the ideal setup as we inherit the risk of human error.
Questions:
1. Does the dependent role need to be defined in an initiator at all since it will never directly be requested directly?
2. If the dependent role does need to be in the initiator file, please describe how to properly setup the initiator and workflow stage & path so that we can maintain the desired relationship with the main role approval dependency? (if the role owner for the main role approves the main role, then both the main role and dependent role will be provisioned by GRC and if the role owner rejects/denies the main role, then neither the main role or depedent role will be provisioned by GRC
Edited by: Rene Griffith on Feb 26, 2010 10:22 PMI tested this set up.
1. Defined ABAP role as Manin role
2. Defined Non-ABAP role as dependednt role
3. ABAP role is set up in initiator requiring business approval.
4. Non-ABAP role is set up in initiator with no approval required.
Results Where Business Approver approves the ABAP Role
1. Only the ABAP role is displayed in approver view which is desirable.
2. ABAP role is approved and Non-ABAP role and ABAP role is provisioned.
Results Where Business Approver rejects the ABAP Role
1. Only the ABAP role is displayed in approver view which is desirable.
2. ABAP role is rejected but Non-ABAP role is provisioned which is not what we want. We want the Non-ABAP role not to provision if the ABAP role is rejected by the business approval.
Thanks again for your help. -
ABAP/4 Keywords for all SAP R/3 Versions with Delta Documentation for abap
Hello Experts,
Do please provide me with the way to find out the Delta Documentations for ABAP for all version of SAP R/3 starting from 3.0 to 6.0
points will be awarded if helpful.
Thanks in AdvanceLog on to SAP. Use transaction ABAP_DOCU. Click on Keyword Help. Don't enter an ABAP keyword, press cont. button.
In the window that opens, in the tree on the left handside, you'll see ABAP Changes By Release.
This contains all the information you need.
matt -
ABAP Keyword Documentation for ECC 6.0
Hello,
Can somebody point out the link to the ABAP Keyword Documentation for ECC 6.0?
Thanks in advance.
Regards,
ReenaHi,
Look into this URL:
http://www.geocities.com/academic37/abap/abapindx.htm
Rgds,
Ramani N -
Abap keyword documentation for ERP 2005
Hi,
I am currently working on a R/3 upgrade project and I am looking for changes on the programming language ABAP. The problem is, those changes are documented in the ABAP key documentation. But since, we have not yet the new version, I have no access to those important information. Where can I find it?
Thanks a lot in advance!Hi,
Navneeth,
I am also looking for this documents . Please send a copy to me also. This is my mail id.
[email protected]
I have posted the same issue before. this will be the link, but not got proper reply if send me the document it will be very useful to me.
ECC 6 Obsolate commands & function modules
Thanks
aRs -
Roles for Testing ChaRMs for Non-Abap Systems
Hi,
Can you please suggest what all authorizations are required for Testing the ChaRM functionality for non-abap systems
Thanks in advance
Regards,
Reddihi
check the link
Check the Configuration guide for the prerequisites. -
UME problem - ABAP roles not showing up in UME
Hello,
I'm having a problem where the ABAP roles (UME groups) for my PI system are not showing up as assigned to a user in the UME. The roles assigned to the user are not reflecting the roles (UME groups) that are in the ABAP side. But, other users are showing up fine. The user is shown to have only the standard basic roles.
This works fine on my development and AS system. Any help would be greatly appreciated. Thanks.Hi George,
There is a 30 minute delay before these roles/groups show up in the Java system. Could that be the problem in your case?
See the [documentation|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/45/af3ac012d32e78e10000000a155369/frameset.htm].
-Michael -
Abap role in the enterprise portal?
Can anyone give me a clear picture abt the enterprise protal and abap role in that?
Hi when there is an integration between EP and R/3 and you click on the User Adinistration of the Portal you will find two types od users available there.
1. UME Database - this is nothing but the Portal Roles here you will find all the roles related to portal administration, such as eu_role, eu_corerole etc etc .
We assign portal developer roles to the user form here like Content Admin, System Admin, etc etc.
2. ABAP Role : whatever role are defined for the user in the backened will appear here ...
for instance if you implement ESS, hence the user must be able to apply for Travel so a backend r/3 travel role will be attached in SU01 for that user. This is visible on portal.
Hope this clarifies!
Cheers!
SJ. -
J2EE roles vs Portal roles vs ABAP roles
(I also posted this on portal implementation, but i hope i receive more reactions here )
Dear all,
I have a question about the information on the following link:
http://help.sap.com/saphelp_nw2004s/helpdata/en/4c/6c0f40763f1e07e10000000a1550b0/content.htm
It says the following:
"These functions are intended to assign users and their assigned portal roles a corresponding role in the SAP System. This corresponding role (authorization role) contains the authorizations needed to execute certain functions from the portal."
1. These "...certain functions..." they talk about, can someome give an example of these functions?
2. Is it possible for example to create a role in the portal that gives a user authorisation for starting transaction SE80 in the backend system? Without making the role in the backend first and uploading it to the portal.
3. It's also possible to upload ABAP roles to the portal. Is the main reason for this that users can see their SAP menu (or part of it) in the portal? Or does this have other advantages too?
4. I'm very confused about the relation between J2EE roles, portal roles and ABAP roles. Is it possible to manage the roles for a user in one place, without having to do certain actions in the portal AND the backend system?
From what I've read on help.sap.com, you always need to do certain actions in both places.
A possible approach is the following (from what i know): Creation of roles in the R/3 system, without assigning to users. From a webdynpro application, a user can then be created and roles can be assigned: portal roles (via some API) and R/3 roles (via BAPIs).
I hope someone can give a bit information on this issue. I've done alot of reading on help.sap.com, but it's still an abstract issue for me.
Kind regards,
JorenHi Jorem
Re: point 3. I don't build portal roles through this mechanism as I don't believe in replicating the SAP easy access menu inside the portal. If there are some specific functions (transactions) that I want to run inside the portal, then I might use this mechanism to build the iViews once. I would rather start an iView that runs transaction SMEN and let the user see their regular easy access menu.
Please note that the speed of executing transactions in the portal isn't a function of the portal, but the fact that you are using ITS, for example, to web enable the transaction...
Re: point 4. Groups are a UME concept. They have nothign to do with ABAP groups. They can be created directly in UME through user administration functions, or they can be created in the LDAP and then they are visible in the portal. If the UME points to an ABAP system, then the ABAP roles are autoamtcially visible as UME groups. Groups created in the UME need to have the members assigned through user admin functions of the Java engine. Groups stored in LDAP are maintained using LDAP admin tools. There are upload utilities that allow you to maintain LDAP users and groups through text files. Google LDIF for more details.
Roles on the portal need to be built in the portal contetn directory. As Michael mentioned, this can be automated by the use of the role upload function built into the portal. -
ABAP Role Assignments stored in MSAD
Hi all,
unfortunately I have only found contradicting information in relation to the possibility to manage ABAP role assignments using a MS Active Directory.
We plan to implement a WAS (ABAP) 6.40 SP14, synchronise data between the WAS and the corporate MSAD. While WAS (ABAP) is not capable of MSAD based authentication I suspect it is possible to manage the user/role assignments in MSAD. Am I right in my assumptions (see list below) that the following data entities can/cannot be managed and synchronised/stored with the WAS (ABAP) out of the box?
WAS ABAP
1. possible - user master data (e.g. userName, address, etc.)
2. possible - user/role assignments
3. not possible - user passwords (however, can be bypassed through SSO based on NTLM)
Portal UME
1. possible - user master data
2. possible - user password
3. possible - role/group assignments
4. possible - group/user assignments
5. possible - user/group assignments
6. possible - user/role assignments
Thanks for the help!!
Cheers StefanHi,
Thanks for the suggestion. But ours was a different problem.
The issue was with a faulty reconciliation job that had been fixed. But it had done its damage before the fix and this caused the inconsistent behavior.
During the reconciliation job (to update changed and add new backend roles in IDM) various task trigger attributes get disabled and then re-enabled after the import. These disabled triggers did not get re-enabled for the privileges on some systems. And the reconciliation job was also delta enabled, so only new privileges, after the initial load, should have been impacted. But impact to many privileges -- all privileges of some target systems -- misled our investigation. The timing of the reconciliation job executions kind of added to the confusion and inconsistencies during the initial setup. But we finally tracked this down and wrote a custom job to fix the triggers for only the affected privileges. Assignments to all systems started to function successfully as expected.
Best regards,
Ashok -
Mapping ABAP roles and assignments to EP UserGroups and EP Roles
Hello.
I have set up my EP7 UME to upload ABAP roles as Portal Groups . Im expecting the ABAP role to user assignment to also reflect as EP Group to User assignment.
All my roles that 'exist' in the ABAP source system are created in EP7 correctly as expected. However, only "direct" user to role assignments are uploaded. NONE of my "indirect" user to role assignments (ie: Via HR Org in ABAP system) are reflected in EP.
Qtn: Is there a way I can encorporate indirect user-role assignments into the upload into EP as well ??
Thanks
Andrew
ps: I have played with HR org active switch in vain in ABAP systHi Kumar,
Have you tested the connection of your R3 system?
Do you want to connect to the ABAP UME? If so do the following:
1. Logon to the portal as administrator
2. Go to:
1. System Administrator
2. System Configuration
3. UME Configuration
4. Click Modify Configuration
5. From the drop down select ABAP system
Fill in the details for your system.
Click on the User Mapping tab
Click on the reference system combo box and select the relevant system
(in this case R3)
Click on the Test Connection button. If the test has been successful you should get a Connection test successful. ~<b>It is important to test the connection before saving otherwise this could cause you lots of problems!</b>
Thanks,
Nick
Maybe you are looking for
-
In my labview program, I open, edit, and close multiple excel sheet one at a time. It used to work, but I am getting a -41106 error. It said that the possible reason is "Report Generation Toolkit: Microsoft Word or Excel did not open. Make sure Mi
-
After downloading IOS 6 all my stored pictures were wiped off. I later noticed that the pictures are still there on photo stream on my Facebook and google accounts. How do I transfer these pictures back to my iPad from any of these accounts?
-
I want to write a program in LabView and create an execute but I want to be able to pass test results to test stand to find it the unit pass ar fail the test then save the data to a database. How would i go about it.
-
"No valid RFC for the system VEP" in solman_setup in solman7.1
Hi Gurus, I've installed Solman 7.1. Configured STMS as single domain alone. STMS was successfull and the RFC was created and that also successfull. But in solman_setup, in system preparation phase, check STMS, its throwing the error "No Valid R
-
I want to unsuscribe from Adobe Premiere Pro
Good Day, I want to cancel the 1 year license for Adobe Premiere pro CC if it's possible