cancel
Showing results for 
Search instead for 
Did you mean: 

Restricting access to certain Softwore componenst to users

Former Member
0 Kudos

Hello Experts,

I am trying to find a way to restrict access to certain SC to selected users on Signle stack Java PI. I started with Michał Krawczyk's blog entry:

http://scn.sap.com/community/pi-and-soa-middleware/blog/2005/05/25/xi-how-to-add-authorizations-to-r...


But after implementing this solution and assigning this role to user I can still modify choosen SC, I also created a role to restrict access to all SC and still no effect.


I read that profile parameter: com.sap.aii.ib.server.lockauth.activation has to be set to true.


But there is no exchange profile in single stack, so where I can find this parameter in Single Stack Java PI ?


Perhaps there is another way to restrict access to certain object then this ?


Thank you in advance for your answers

Accepted Solutions (1)

Accepted Solutions (1)

former_member186851
Active Contributor
0 Kudos

Hello Marcin,

The paramteters can be accessed from Administration link in SAP PI home page.

Under aii Properties

com.sap.aii.util.server.auth.activation

You can set the property to true and try once.

Former Member
0 Kudos

Hey Thx,

Yes it is there and it is set to false, but how to change it, there is no change button. I guess you can only see this parameter here.

Best

former_member186851
Active Contributor
0 Kudos

Hello Marcin,

I am able to edit the same.

I guess your ID has restricted access,Ask anyone from basis to change that parameter.

If still your not finding go to Properties configuration just below aii configuraiton select Servcies->>>XPI SERVICE:All CONFIG SERVICES.

You will find the option to edit the property.

former_member182412
Active Contributor
0 Kudos

Hi Marcin,

You can do it in NWA->Java System Properties

Check below link for more details.

Role-Based Authorizations in ES Repository and Integration Directory - SAP Process Integration Secur...

Regards,

Praveen.

Former Member
0 Kudos

I am having real problem with this. When property com.sap.aii.util.server.auth.activation is set to false even test user assigned only to group everyone can modify objects in ESR and IB, when I set to true even my user which have many roles and groups assigned cannot modify those objects.

Also your link Role-Based Authorizations in ES Repository and Integration Directory - SAP Process Integration Secur... says:

com.sap.aii.ib.util.server.auth.activation - which slightly differs from

com.sap.aii.util.server.auth.activation

com.sap.aii.ib.server.lockauth.activation - Michał Krawczyk's blog

What are diffrences between those properties, I got only this one:

com.sap.aii.util.server.auth.activation - should I add others and try ?

former_member186851
Active Contributor
0 Kudos

Hello Marcin,

Create two roles.One will be

1.Unrestricted-give complete access and assign this to the user whom you wish to have complete access.

2.Restricted-add the Required SWCV and assign only this role to the restricted user.

It should work.

Former Member
0 Kudos

OK, I gave my user unrestricted access and I can edit again. Later in the day I will try to create some restricted access for testuser. But I have a feeling it willl work. Thx!

former_member186851
Active Contributor
0 Kudos

It will work Marcin,If you face any issue let us know.

Answers (1)

Answers (1)

iaki_vila
Active Contributor
0 Kudos

Hi Marcin,

My few cents, sometimes it's a good idea to think upside down, in this note 1690250 - Error when executing Display/Edit in PI ESR/Directory explains how to solve the authorization problem and link to SAP.help pages

Regards..