Skip to Content
author's profile photo Former Member
Former Member

Users in R/3 backend for MAM

(I'm sorry if this question is repeated, I've tried to post it 2 times already but it returns an error. Hope this time it goes)


I am installing and configuring a MAM application (WebAS 6.40 SP13, MAM 2.5 SR2) scenario. We user for backend a SAP R/3 4.6c with PI 2004.1.

I have some doubts about users for using MAM. What I gathered so far is that I'll need the following users in R/3:

-A service user for accessing RFCs in order to connect MI (middleware) do R/3

-One user in R/3 for each front-end MAM user

These are all the users I will need in the backend, right? Also, I am not sure which type of authorizations they will need.

Quoting MI Installation Guide, the user to connect the middleware to R/3 "must have authorization for all SAP MI-specific function groups contained in table BWAFMAPP". What are the authorization objects for this user profile?

The same for the individual MAM users. Each one will need a user with the same name in the backend, but what type of authorization will they need? Do they need to be dialog users or can they be service users?


Daniel Franulovic

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Oct 01, 2005 at 03:08 PM

    Hi Daniel:

    I could understand that you had some issues in posting this topic.Because i got your First Message in my E-Mail but not able to trace that in the MI Forum.That is fine.

    Here are the 3 different checks you have to look at"Users & Authorizations" for setting up your MAM Users.

    (1) Backend:

    (1a) The SAP MAM User who synchronizes with the Backend from the MI Client should have all necessary authorizations for Plant Maintenance Components of the SAP System that are associated with your MAM Scenarios.Pl refer to the following Authorization Objects I_ALM_ME ,I_AUART,I_BEGRP,I_BETRVORG,I_CCM_ACT ,I_CCM_STRC,I_ILOA,I_INGRP,I_IWERK,I_KOSTL ,I_QMEL,I_ROUT ,I_ROUT1,I_SOGEN,I_SWERK,I_TCODE ,I_VORG_MEL,I_VORG_MP ,I_VORG_ORD,I_WPS_MEB ,I_WPS_REV in your Backend System and have it assigned to the User Profile, based on your requirement.

    (1b) Service User for setting up the MAM & MI Landscape: This user logon info has to be setup in the RFC Destination that is associated with your MAM25 SyncBOs, to logon to the Backend System and this user should have the basic authorizations required to establish the connection.

    (2) MI Middleware: The SAP MAM User who synchronizes with the Backend from the MI Client should have the following Authorization Objects assigned to his/her profile. S_ME_SYNC, S_RFC, S_TCODE.

    (3) MI Client: Refer to MI Security Guide.As discussed earlier,note that the MI Client MAM User is same as the Middleware User and the Backend User.

    Let me know, if you are looking for anyother additional info.



    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Daniel!

      Good that your problem is solved with SAP_ALL and now you are sure that it is a SAP Authorization Issue.Did you check the setup for "MeRep Handler job of synchronization messages" in MEREP_PD, under Runtime Component for Handler.

      Any have If you schedule a background job for the Handler, the messages that were not processed immediately due to to limit the number of simultaneous handler processes in order to control system performance, some messages from the client device are not processed immediately when being received by the server.In the case that allow batch-user in MEREP_PD is set, the handler is kicked using the batch user and this will be used to access the backend system

      In the case that no allow batch-user in the MEREP_PD is set, the handler is kicked using the user name, which is used for the logon to the WAS from the client device (THIS IS THE CASE WHEN THE USER NAME USED IN A DEVICE CAN BE OBTAINED WITHIN THE BAPI WRAPPER IN CASE OF 2-WAY SYNCBO).Hence this user this user needs appropriate authorizations in both the SAP Web AS and in the backend system where the application data resides.

      Probably this is causing the problem.You can check this and see if this resolves the issue to get rid of SAP_ALL.



Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.