https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641101#M608006 <HTML><HEAD></HEAD><BODY><P>Hello Alice,</P><P></P><P>Developer roles in Dev:</P><P>SAP_XI_DEVELOPER</P><P>SAP_XI_CONFIGURATOR</P><P>SAP_XI_DISPLAY</P><P>SAP_XI_MONITOR</P><P></P><P>Developer roles in Qty:</P><P></P><P>SAP_XI_DISPLAY</P><P>SAP_XI_MONITOR</P><P>SAP_XI_SUPPORT</P><P></P><P>Administrator roles in Dev:</P><P></P><P>SAP_XI_CONFIGURATOR</P><P>SAP_XI_ADMINISTRATOR</P><P>SAP_XI_DISPLAY</P><P>SAP_XI_MONITOR</P><P>SAP_XI_SUPPORT</P><P></P><P>Administrator roles in Qty:</P><P></P><P>SAP_XI_CONFIGURATOR</P><P>SAP_XI_ADMINISTRATOR</P><P>SAP_XI_DISPLAY</P><P>SAP_XI_MONITOR</P><P></P><P>Administraor roles in Prod will be very restricetd and should be used with same as Qty but its advisable to keep the user locked.</P><P></P><P>A small note here. When you try to copy standard Java roles they will not work due to permissions problem. SAP Recommonds to use customized ABAP roles and Standard JAVA roles without changing them. But if you want to copy JAVA roles into customized roles, then please let me know. I will explain the procedure.</P><P></P><P>Farooq.</P></BODY></HTML> Thu, 23 Aug 2007 14:16:32 GMT Former Member 2007-08-23T14:16:32Z https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641099#M608004 <HTML><HEAD></HEAD><BODY><P>Hello everyone,</P><P></P><P>Iam relatively new to XI security. I'd like to know what roles are essential for developers and administrators in &lt;b&gt;production&lt;/b&gt;? we already developed some roles in dev box but developers seem to have lot of authorizations which should be restricted in production. How do i decide which roles are necessary ? Are there any transactions( XI specific) or roles that developers should not be given access.</P><P>Please suggest.</P><P> </P><P>Cheers.</P></BODY></HTML> Thu, 23 Aug 2007 02:53:24 GMT https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641099#M608004 Former Member 2007-08-23T02:53:24Z https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641100#M608005 <HTML><HEAD></HEAD><BODY><P>Hello Alice,</P><P></P><P>i can not answer your question, but i think you will be able to help me.. <SPAN __jive_emoticon_name="happy"></SPAN></P><P></P><P>I am searching for dev-roles for the XI. I have created the basis rolses based on folwowing SAP-standard roles:</P><P>SAP_XI_ADMINISTRATOR_ABAP</P><P>SAP_XI_ADMINISTRATOR_J2EE</P><P>SAP_XI_CONFIGURATOR_ABAP</P><P>SAP_XI_CONFIGURATOR_J2EE</P><P>SAP_XI_CONTENT_ORGANIZER_ABAP</P><P>SAP_XI_CONTENT_ORGANIZER_J2EE</P><P>SAP_XI_DEVELOPER_ABAP</P><P>SAP_XI_DEVELOPER_J2EE</P><P>SAP_XI_DISPLAY_USER_ABAP</P><P>SAP_XI_DISPLAY_USER_J2EE</P><P>SAP_XI_MONITOR_ABAP</P><P>SAP_XI_MONITOR_J2EE</P><P>SAP_XI_SUPPORT_ABAP</P><P>SAP_XI_SUPPORT_J2EE</P><P></P><P>Are there any other roles which are necessary or do you have a hint for me, which role should get more / lessauthorization? </P><P></P><P>THX for your answer in Advance.</P><P>Markus</P></BODY></HTML> Thu, 23 Aug 2007 06:43:03 GMT https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641100#M608005 Former Member 2007-08-23T06:43:03Z https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641101#M608006 <HTML><HEAD></HEAD><BODY><P>Hello Alice,</P><P></P><P>Developer roles in Dev:</P><P>SAP_XI_DEVELOPER</P><P>SAP_XI_CONFIGURATOR</P><P>SAP_XI_DISPLAY</P><P>SAP_XI_MONITOR</P><P></P><P>Developer roles in Qty:</P><P></P><P>SAP_XI_DISPLAY</P><P>SAP_XI_MONITOR</P><P>SAP_XI_SUPPORT</P><P></P><P>Administrator roles in Dev:</P><P></P><P>SAP_XI_CONFIGURATOR</P><P>SAP_XI_ADMINISTRATOR</P><P>SAP_XI_DISPLAY</P><P>SAP_XI_MONITOR</P><P>SAP_XI_SUPPORT</P><P></P><P>Administrator roles in Qty:</P><P></P><P>SAP_XI_CONFIGURATOR</P><P>SAP_XI_ADMINISTRATOR</P><P>SAP_XI_DISPLAY</P><P>SAP_XI_MONITOR</P><P></P><P>Administraor roles in Prod will be very restricetd and should be used with same as Qty but its advisable to keep the user locked.</P><P></P><P>A small note here. When you try to copy standard Java roles they will not work due to permissions problem. SAP Recommonds to use customized ABAP roles and Standard JAVA roles without changing them. But if you want to copy JAVA roles into customized roles, then please let me know. I will explain the procedure.</P><P></P><P>Farooq.</P></BODY></HTML> Thu, 23 Aug 2007 14:16:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641101#M608006 Former Member 2007-08-23T14:16:32Z https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641102#M608007 <HTML><HEAD></HEAD><BODY><P>Thanks a bunch, Farooq. That really helps.</P><P></P><P>We already have customized ABAP roles and we're using SAP standard JAVA roles. I would definetely like to know how to copy JAVA roles into customized roles.</P><P></P><P>Markus,</P><P></P><P>As Farooq mentioned, you can copy the ABAP roles into customized roles and use SAP std JAVA roles.</P><P></P><P> A small tip, you might want to take away SU01 &amp; PFCG authorizations from these roles.</P></BODY></HTML> Thu, 23 Aug 2007 17:17:12 GMT https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641102#M608007 Former Member 2007-08-23T17:17:12Z https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641103#M608008 <HTML><HEAD></HEAD><BODY><P>Alice, </P><P></P><P>Java roles work with influence of permissions in Application Server which we call actions in UME. As you are aware in PI user master record will be in ABAP stack. So the roles in ABAP stack will be having only RFC connections to JAVA stack for the specific JAVA based role. So you need to edit the permission on Java App Server. For that you need to log on to server through visual admin and then go to services and you will find the standard groups assigned to actions. But I don&#146;t remember that under which service you will find them </P><P></P><P>Under that service you will find some 200 actions. And you have to add the name of the custom created JAVA roles on ABAP to all those actions where you find the standard roles. And its a very very lengthy procedure. So SAP advice to go for customized ABAP roles and Standard JAVA roles. </P><P></P><P>Hope this answer clears your query. </P><P></P><P>Farooq.</P></BODY></HTML> Thu, 23 Aug 2007 17:47:26 GMT https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641103#M608008 Former Member 2007-08-23T17:47:26Z https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641104#M608009 <HTML><HEAD></HEAD><BODY><P>I appreciate your insight &amp; prompt response.</P><P></P><P>Do you have a document for this &#133;copying SAP Java roles to custom roles. If so, please email it to suudsv@yahoo.co.in</P><P></P><P>I also have another question..what is the difference between a UME role and J2EE security role? Can you give a example.</P><P></P><P>Thanks in advance.</P></BODY></HTML> Thu, 23 Aug 2007 19:18:04 GMT https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641104#M608009 Former Member 2007-08-23T19:18:04Z https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641105#M608010 <HTML><HEAD></HEAD><BODY><P>I don't have any document on this. I found it myself after 2 weeks of research. </P><P></P><P>Farooq.</P></BODY></HTML> Thu, 23 Aug 2007 19:41:15 GMT https://community.sap.com/t5/application-development-and-automation-discussions/xi-security/m-p/2641105#M608010 Former Member 2007-08-23T19:41:15Z