I have a question for you:
I have a SOAP -> PI -> RFC interface, that has to be used for a third party client.. so as they wanted to test it in their system I have to give them a user to do it..
Of course I'd like to create a user with the minimum permissions just to invoke that WS. So I started searching in here and I found these sites:
Even using just SAP_XI_ADMINISTRATOR_J2EE and SAP_XI_APPL_SERV_USER the problem is that that user can enter to the IR or ID and create/change whatever he wants..
After finding the Security Role xi_adapter_soap_message, I didn't find the group to assign the recently created user to.
I also searched in here: http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
And I tried with SAP_XI_DISPLAY_USER and SAP_XI_MONITOR but they aren't enough to invoke the WS.
So, in summary I'd like (of course if possible) if there are a group, or one, roles.. to just invoke the WS but that these group don't allow to enter to modifying transactions in the ABAP stack, neither creating/changing objects in IR, ID, SLD, etc.
Thanks in advance.