Skip to Content
Sep 22, 2009 at 06:13 PM

Minimum role and authorization for invoking a PI hosted WebService


Hi all!

I have a question for you:

I have a SOAP -> PI -> RFC interface, that has to be used for a third party client.. so as they wanted to test it in their system I have to give them a user to do it..

Of course I'd like to create a user with the minimum permissions just to invoke that WS. So I started searching in here and I found these sites:

- soap-sender---minimal-authorization

Even using just SAP_XI_ADMINISTRATOR_J2EE and SAP_XI_APPL_SERV_USER the problem is that that user can enter to the IR or ID and create/change whatever he wants..

- user-and-role-in-sender-soap-call

After finding the Security Role xi_adapter_soap_message, I didn't find the group to assign the recently created user to.

I also searched in here:

And I tried with SAP_XI_DISPLAY_USER and SAP_XI_MONITOR but they aren't enough to invoke the WS.

So, in summary I'd like (of course if possible) if there are a group, or one, roles.. to just invoke the WS but that these group don't allow to enter to modifying transactions in the ABAP stack, neither creating/changing objects in IR, ID, SLD, etc.

Thanks in advance.