Solution : https://service.sap.com/sap/support/notes/1232259 (SAP Service marketplace login required)
Summary :
This SAP Security Note addresses authorization excess for PI messaging and directory service users in PI 7.10 and 7.11 due to central Web service configuration. For security enhancements, authorization simplifications are recommended through backend procedures enabled from PI 7.30 onwards, where cache refresh processes can be assigned to a specialized user with controlled rights, cutting down excessive permissions for other users. Key setup involves modifying SXI_CACHE_CONFIG transaction settings, creating ABAP destinations, and role adaptations post-upgrade from earlier versions. Proper administrative privileges are required for these configurations.
Key words :
configuration program reports errors, abap destination sapxicache<client>, central web service configuration, pi directory service user, integration directory service users, central web service, call transaction sxi_cache_config, integration server client, pi messaging user, technical xi users
Related Notes :
| 1702097 | PI CTC: Step "Assign roles to user 'PICACHEUSER'" fails |
| 1673399 | PI Upgrade: No RFC authorization for user PIDIRUSER |
| 1606282 | Update #1 to Security Note 1232259 |