Roles required for creating and consuming SAP ABAP Web Services

There are several ways to retrieve and visualize data from SAP in Xcelsius. One way is consuming a SAP Web Service, which can be generated from a Function Module. In an earlier article we have described how to create and consume a web service. This article describes the required authorization.

By creating and consuming web services we can make a distinction between different required users:

• ABAP developer (for creating the Function Module)
• Web Service support (for creating Endpoints)
• End-users (for consuming the web service in Xcelsius)

ABAP Developer

The first user (the ABAP developer) should have an ABAP developers key assigned to his role. Furthermore, this user needs the default roles an ABAP developer should have, because a Function Group and a Function Module need to be created. This kind of user should have all the authorization on the development machine.

Web Service support

A Web Service needs to have an endpoint before it can be used from within Xcelsius. A problem is that this endpoint cannot be transported from development to other systems in the landscape. For this reason a manual action is required by the support team. The following authorization is required for the Web Service support users (on every system in the landscape):

A role can be created via transaction PFCG.

End-Users

End users can only consume an ABAP Web Service if they are authorized for this. The following authorization object is required for consuming a Web Service. Note that this role should be assigned to the end-users on all systems that will contain the web service.

A role for this authorization can be created via transaction PFCG. It’s recommended to add this authorization to a default end-user role in your system.