Skip to Content

J2EE authorizations in SAP PI 7.40

So, we are in the process of upgrading our PI systems from 7.11 to 7.40. We have always had problems with J2EE authorizations in the past, but now I am facing some challenges I hope you can help me with.

a) Some aspects that have worked in the past do not work any longer. For example, our developers cannot access message payloads anymore. Let me explain, that we have a very strict separation of duties and authorizations between admins, developers and support. Developers are supposed to be able to view message payloads (at least in the pre-production systems), but not edit them. I have created a J2EE role for that purpose including all 6 "payload" actions available in the UME, so far that has worked fine. After the upgrade it does not seem to be enough, developer trace says "com.sap.aii.mdt.api.exceptions.AuthorizationFailedException: Your user does not have the required authorizations for this activity"

b) Along with the upgrade I am trying to set up new "last level" users for developers to be able to perform certain tasks on production systems in case of malfunctions. They are not supposed to simply get admin rights, but I want to be able to toggle between e.g. viewing and editing message payloads, viewing and editing configuration data and so on. I cannot find any proper guides on those things and support just keeps telling me to assign roles like SAP_XI_ADMINISTRATOR(_J2EE) and so on. This is not how our authorization concepts work! In the ABAP world SAP keeps telling us to not use standard roles, but copy them and fit them to our needs. I refuse to believe that this should not be possible in the J2EE world.

Does anybody know any useful guides or documentation about the needed authorizations? Or maybe someone else is having similar problems, so we can at least work together on some aspects trying to find out the necessary actions on our own?

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    May 29, 2015 at 11:48 AM

    Did you check the special actions on SAP help?

    Special Actions - SAP NetWeaver Process Integration Security Guide - SAP Library

    Here special "edit" actions are available. Please check.

    Best Regards

    H.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 29, 2015 at 12:43 PM
    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 01, 2015 at 04:16 AM

    Hi Mario,

    Has the issue resolved?

    Can you please close this thread if your query has been resolved!!!!

    Also please reward points for the helpful answers... 😊

    Regards

    Vishnu

    Add comment
    10|10000 characters needed characters exceeded

    • Thanks, but I don't want to build a whole new authorization concept, I only want to map ours to PI authorizations. And your document only lists standard roles (again) without any possibility to adjust them to our needs. Come on, there must be a better way to do this?!