Monitoring Roles

Use

The access to the PI monitoring tools available in SAP NetWeaver Administrator can be managed using a set of user

roles and actions.

Features

Actions

Every role could have different actions assigned. The available actions are as follows:

For displaying monitoring data, users should be assigned at least the display action.

For executing administrative actions, users should be assigned the modify action.

For displaying message payload data, users should be assigned the payload action.

For editing message header data, users should be assigned the edit_header action.

For editing message payload data, users should be assigned the edit_payload action.

Roles

The list below provides information about the available roles and the actions they provide:

The SAP_XI_ADMINISTRATOR_J2EE role provides the display, modify, and payload actions.

The SAP_XI_DISPLAY_USER_J2EE role provides the display action.

The SAP_XI_DEVELOPER_J2EE role provides the display and modify actions.

The SAP_XI_CONFIGURATOR_J2EE role provides the display and modify actions.

The SAP_XI_CONTENT_ORGANIZER_J2EE role provides the display and modify actions.

The SAP_XI_MONITOR_J2EE role provides the display, modify, and payload actions.

The SAP_XI_MESSAGE_MODIFY role provides the edit_header and edit_payload actions.

The SAP_XI_RWB_SERV_USER role provides the display action.

The SAP_JAVA_NWADMIN_LOCAL_READONLY role provides the display and payload actions.

The SAP_WS_ADMIN_BIZ_GLB role provides the display, modify, payload, edit_header,

and edit_payload actions.

 The SAP_WS_CONFIG_BIZ_GLB role provides the display, modify, payload, edit_header,

and edit_payload actions.

The NWA_READONLY role provides the display action.

The NWA_SUPERADMIN role provides the display and modify actions.

Roles per Actions

The table below provides a summary of the roles and actions:

Actions Roles

display SAP_XI_DISPLAY_USER_J2EE, SAP_XI_RWB_SERV_USER, NWA_READONLY

display and modify SAP_XI_DEVELOPER_J2EE, SAP_XI_CONFIGURATOR_J2EE, SAP_XI_CONTENT_ORGANIZER_J2E

E,NWA_SUPERADMIN

display and payload SAP_JAVA_NWADMIN_LOCAL_READONLY

display, modify, and payload SAP_XI_ADMINISTRATOR_J2EE, SAP_XI_MONITOR_J2EE

edit_header and edit_payload SAP_XI_MESSAGE_MODIFY

modify, display, payload, edit_ SAP_WS_ADMIN_BIZ_GLB, SAP_WS_CONFIG_BIZ_GLB

header, andedit_payload

More Information
In addition to the roles and actions described above, you can also use dedicated actions to set which

monitoring applications the user would be able to access. For more information, see PI Plug-In Actions .

The user roles in AS ABAP that are required to use the tools intended for monitoring the Integration Engine

can be managed using transactionPFCG. For more information about these user roles, see the security

guide for SAP Process Integration.

For more information about managing users and roles in AS Java, see User Management of the Application

Server Java .

In message monitoring for adapter engines, you can restrict access to the message payload for certain

types of messages. To do this, you have to create your own actions and group them into roles. For more

information, see SAP Note 1370334 .