AIF20 Master Guide

7/25/2019 AIF20 Master Guide

1/52

Master Guide

SAPApplication Interface Framework 2.0

Using SAP AIF 701 and SAP AIFX 701

Target Audience

Consultants Administrators Others

PublicDocument version 1.0 08/ 29/ 2012


2/52

Master Guide SAP Appl ication Interface Framework 2.0

2 August 2012

History of ChangesThe Master Guide is regularly updated in SAP Service Marketplaceatht t p: / / servi ce. sap. com/ i nst gui des.

Make sure you have the latest version of the Master Guide by checking SAPService Marketplaceimmediately before starting the installation.

The following table provides an overview of the most important changes that were made inthe latest versions.

Master Guide Version Important Changes

1.00 (August 29, 2012) First release of this Master Guide


3/52


August 2012 3

Contents

History of Changes ................................................................................ 2

1 Gett ing Started................................................................................. 5

1.1 About this Document ....................................................................... 5

1.2 Related Information ......................................................................... 71.2.1 Planning Information .......................................................................... 7

1.2.2 Further Useful Links ........................................................................... 7

1.2.3 Related Master Guides ........................................................................ 8

1.2.4 Related Operations Information ......................................................... 8

1.3 Important SAP Notes ..................................................................... 10

2 SAP Application Interface Framework Overview ....................... 12

2.1 Software Units of the SAP Application Interface Framework .... 13

2.2 Software Component Matrix ......................................................... 14

2.3 System Landscape ......................................................................... 16

2.4 Overall Implementation Sequence ............................................... 19

3 Business Scenarios of the SAP Application InterfaceFramework ........................................................................................ 20

4 Securit y Considerations ............................................................... 21

4.1 Fundamental Secur ity Guides ...................................................... 21

4.2 Authorization Objects .................................................................... 22

4.2.1 Authorization Object for Interface Process ing /AIF/PROC ............ 22

4.2.2 Authorization Object for Customizing Steps /AIF/CUST ................ 23

4.2.3 Authorization Objects for Error Handl ing /AIF/ERR ....................... 24

4.2.4 Authorization Object for Technical Error Handl ing /AIF/TECH ..... 25

4.2.5 Authorization Object for Emergency Corrections /AIF/EMC ......... 25

4.2.4 Authorization Objects for Custom Functions /AIF/CFUNC ............ 26

4.2.4 Authorization Objects for Custom Hints /AIF/HINTS ...................... 26

4.2.4 Authorization Object fo r Interface Determination /AIF/IFDET ....... 27

4.2.6 Author ization Object for Value Mapping Maintenance/AIF/VMAP ................................................................................................... 28

4.3 Template Roles ............................................................................... 29

4.3.1 Single Roles ....................................................................................... 29

4.3.2 Composite Roles ............................................................................... 41

4.4 Interface- and Key-Field-Specif ic Authorizations ....................... 45

4.5 Cons iderations about Data Protection......................................... 464.5.1 Single or Multi Message Index Table ............................................... 46

4.5.2 Log of Changes in the Error Handling ............................................. 46

4.5.3 Information Contained in Interface Data ......................................... 46

5 References ..................................................................................... 47

6 Media List ....................................................................................... 49
http://service.sap.com/instguides


4/52


4 August 2012

7 Release Availabi li ty Information .................................................. 50


5/52

1 Getting Started

1.1 About this Document

August 2012 5

1 Getting Started

1.1 About this DocumentPurpose

This Master Guide is the central starting point for the technical implementation of the SAPApplication Interface Framework. You can find cross-scenario implementation information aswell as scenario-specific information in this guide.

Use the Master Guide to get an overview of the SAP Application Interface Framework,itssoftware units, and its scenarios from a technical perspective. The Master Guide is aplanning tool that helps you to design your system landscape. It refers you to the requireddetailed documentation, mainly:

Installation guides for single software units

SAP Notes

Configuration documentation

SAP Library documentation

The Master Guide consists of the following main sections:

Section 1 Getting Started explains how to use this document and related information(documentation and SAP Notes) that is crucial to the installation and upgrade.

Section 2 SAP Application Interface Framework Overviewprovides essential informationabout the supported scenarios, the installable software units, software component matrix,as well as how to plan your system landscape. Section 2 provides an overallimplementation sequence with related information (documentation and SAP Notes) andprovides the information about how to install the SAP Application Interface Framework by

referring to the relevant SAP Notes. Section 3 Business Scenarios of the SAP Application Interface Framework contains

information about the supported business scenarios/processes.

Section 4 Security Considerations provides the security information that is specific to theSAP Application Interface Framework (authorization objects and roles). This section alsoprovides a collection of links to SAPs various security topics.

Section 5 Referencesprovides a list of all the required SAP Notes and the documents thatare mentioned in this Master Guide.

Section 6 Media List provides information on the data carriers and the softwarecomponents contained in them.

Section 7 Release Availability Information contains information about the available

software releases, required base software and other availabilities regarding the FocusedBusiness Solution for the SAP Application Interface Framework.

You can find the most current information about the technical implementationof the SAP Application Interface Frameworkand the latest installation andconfiguration guides on SAP Service Marketplace atht t p: / / servi ce. sap. com/ i nst gui des.We strongly recommend that you use the documents available here. Theguides are regularly updated.
http://service.sap.com/instguideshttp://service.sap.com/instguides


6/52

1 Getting Started

1.1 About this Document

6 August 2012

Constraints

The business scenarios that are presented here serve as examples of how you can use SAP

software in your company. The business scenarios are only intended as models and do notnecessarily run the way they are described here in your customer-specific system landscape.Ensure to check your requirements and systems to determine whether these scenarios canbe used productively at your site. Furthermore, we recommend that you test these scenariosthoroughly in your test systems to ensure they are complete and free of errors before goinglive.


7/52

1 Getting Started

1.2 Related Info rmation

August 2012 7

1.2 Related Information

1.2.1 Planning InformationFor more information about planning topics not covered in this guide, see the followingcontent on SAP Service Marketplace:

Content Location on SAP Service Marketplace

Latest versions of installation and upgradeguides

*In this Master Guide, see the SAP Notes listedin the below section 1.3 Important SAP Notes.

Overview application information as well asthe collection of function- and process-oriented information about the SAPApplication Interface Framework

*Application Help for SAP Application InterfaceFramework 2.0 on the SAP Help Portal athttp://help.sap.com

->SAP Business Suite -> SAP ERP Add-On ->SAP Application Interface Framework

Or directly athttp://help.sap.com/aif

SAP Business Maps - information aboutapplications and business scenarios

ht t p: / / ser vi ce. sap. com/ busi nessmaps

Sizing, calculation of hardware requirements- such as CPU, disk and memory resource -with the Quick Sizer tool

ht t p: / / servi ce. sap. com/ qui cksi zer

Released platforms and technology-relatedtopics such as maintenance strategies andlanguage support

ht t p: / / servi ce. sap. com/ pl at f orms

To access the Platform Availability Matrix directly,enter ht t p: / / servi ce. sap. com/ pam.

Network security ht t p: / / ser vi ce. sap. com/ secur i t ygui de

High Availability ht t p: / / www. sdn. sap. com/ i r j / sdn/ ha

Performance ht t p: / / ser vi ce. sap. com/ per f ormance

Information about Support Package Stacks,latest software versions and patch levelrequirements

ht t p: / / ser vi ce. sap. com/ sp- st acks

Information about Unicode technology ht t p: / / www. sdn. sap. com/ i r j / sdn/ i 18n

1.2.2 Further Useful Links

The following table lists further useful links on SAP Service Marketplace:Content Location on SAP Service Marketplace

Information about creating error messages ht t p: / / ser vi ce. sap. com/ message

SAP Notes search ht t p: / / servi ce. sap. com/ not es

SAP Software Distribution Center (softwaredownload and ordering of software)

ht t p: / / ser vi ce. sap. com/ swdc

SAP Online Knowledge Products (OKPs) role-specific Learning Maps

ht t p: / / servi ce. sap. com/ r kt
http://help.sap.com/http://help.sap.com/http://help.sap.com/aifhttp://help.sap.com/aifhttp://service.sap.com/businessmapshttp://service.sap.com/quicksizerhttp://service.sap.com/platformshttp://service.sap.com/pamhttp://service.sap.com/securityguidehttp://www.sdn.sap.com/irj/sdn/hahttp://service.sap.com/performancehttp://service.sap.com/sp-stackshttp://www.sdn.sap.com/irj/sdn/i18nhttp://service.sap.com/messagehttp://service.sap.com/noteshttp://service.sap.com/noteshttp://service.sap.com/swdchttp://service.sap.com/rkthttp://service.sap.com/rkthttp://service.sap.com/swdchttp://service.sap.com/noteshttp://service.sap.com/messagehttp://www.sdn.sap.com/irj/sdn/i18nhttp://service.sap.com/sp-stackshttp://service.sap.com/performancehttp://www.sdn.sap.com/irj/sdn/hahttp://service.sap.com/securityguidehttp://service.sap.com/pamhttp://service.sap.com/platformshttp://service.sap.com/quicksizerhttp://service.sap.com/businessmapshttp://help.sap.com/aifhttp://help.sap.com/


8/52

1 Getting Started


8 August 2012

1.2.3 Related Master GuidesIn this Master Guide, the following SAP applications are frequently referred to, particularly forexplaining topics such as integration scenarios, planning of the system landscape, and so on.You can find more information about the relevant applications in the following documents:

Title Location

Master GuideSAP NetWeaver 7.0

http://service.sap.com/instguidesNW70

-> Installation-> MasterGuide

Master GuideSAP NetWeaver PI 7.1


-> SAP NetWeaver-> SAP NetWeaver PI 7.1->Installation-> MasterGuide

Master GuideSAP ERP 6.0


-> SAP Business Suite Applications-> SAP ERP->SAP ERP 6.0-> Planning

Master GuideSAP Customer RelationshipManagement 7.0

http://service.sap.com/instguides -> SAP Business Suite Applications -> SAP CRM 7.0-> Plan

1.2.4 Related Operations InformationThe SAP Application Interface Framework is based on an SAP NetWeaver 7.0 system.Therefore, the general operations information for the following areas is covered in theoperations guide of SAP NetWeaver:

Technical system landscape

Overview of technical runtime scenarios, which result from setting up the correspondingbusiness scenarios

Backup and recovery

High availability concept

Starting and stopping (by which means and in which sequence)

Scenario administration concept (possible dependencies between scenario components)

Concept for data archiving and management of outdated technical data

Software change management

Scenario maintenance concept

Concept for handling customer development

Support desk management

Troubleshooting

You can find more information about the corresponding operations guides for SAPNetWeaverin the following table:

Title Location

Operations guides available for SAPNetWeaver

http://service.sap.com/installnw70

under SAP NetWeaver 7.0 -> Operations

SAP NetWeaver Administrators Guide Technical Operations Manual

SAP Help Portal athttp://help.sap.com/nw70 under SystemAdministration -> Technical Operations Manual

For a complete list of the available SAP Operations Guides, see

http://service.sap.com/instguides .
http://service.sap.com/instguidesNW70http://service.sap.com/instguideshttp://service.sap.com/instguideshttp://service.sap.com/instguideshttp://service.sap.com/installnw70http://help.sap.com/nw70http://help.sap.com/nw70http://service.sap.com/instguideshttp://help.sap.com/nw70http://service.sap.com/installnw70http://service.sap.com/instguideshttp://service.sap.com/instguideshttp://service.sap.com/instguideshttp://service.sap.com/instguidesNW70


9/52

1 Getting Started


August 2012 9

The operations information that is specific to SAP Application Interface Frameworkisincluded in the Application Helpof the SAP Application Interface Frameworkin thesections TheSAP Application Interface Framework for Business Users andThe SAPApplication Interface Framework for IT Personnel. In these sections the following topics arecovered:

Monitoring concept

Logging and tracing

Technical configuration

Periodical tasks

Concepts for monitoring, error handling, restart, and recovery of interfaces


10/52

1 Getting Started

1.3 Important SAP Notes

10 August 2012

1.3 Important SAP NotesYou must read the following SAP Notes before you start the installation. These SAP Notes

contain the most recent information on the installation, as well as corrections to theinstallation documentation.

Make sure that you have the up-to-date version of each SAP Note, which you can find onSAP Service Marketplace at ht t p: / / servi ce. sap. com/ not es.

Installation Notes

SAP Note Number Title Description

1747710 AIF 701: Installation Note See this note for the detailedinformation about installingthe main component AIF 701of SAP Application InterfaceFramework 2.0.

1747711 AIFX 701: Installation Note See this note for the detailedinformation about installingthe optional component AIFX701 of SAP ApplicationInterface Framework 2.0.

1530212 SAP Application InterfaceFramework FAQ

See this note for frequentlyasked questions about theSAP Application InterfaceFramework.

Relevant Notes of SAP NetWeaver

SAP Note Number Title Description

1684718 WDA: Transaction WDYID -Configuration ID is lost

Only needed if you install theoptional component AIFX701 and use Monitoring andError Handling (Web)fromthe SAP Easy Access menu.

1241303 Dynamic documents: Multipleregistration of events

In a dynamic document, as itis used in the InterfaceOverview transaction of theSAP Application InterfaceFramework, form elements

such as pushbuttons, inputfields, selection lists, andhyperlinks respond severaltimes to an event.

1726101 Tables with more then fivekey elements are notsupported

This note is only needed ifyou install the optionalcomponent AIFX 701 anduse the ServiceImplementation Workbench(SIW) template.

1705786 SIW: Language conflict withLOCAL packages

This note is only needed ifyou install the optional

component AIFX 701 and
http://service.sap.com/noteshttp://service.sap.com/noteshttps://service.sap.com/sap/support/notes/1747710https://service.sap.com/sap/support/notes/1747711https://service.sap.com/sap/support/notes/1530212https://service.sap.com/sap/support/notes/1684718https://service.sap.com/sap/support/notes/1241303https://service.sap.com/sap/support/notes/1726101https://service.sap.com/sap/support/notes/1705786https://service.sap.com/sap/support/notes/1705786https://service.sap.com/sap/support/notes/1726101https://service.sap.com/sap/support/notes/1241303https://service.sap.com/sap/support/notes/1684718https://service.sap.com/sap/support/notes/1530212https://service.sap.com/sap/support/notes/1747711https://service.sap.com/sap/support/notes/1747710http://service.sap.com/notes


11/52

1 Getting Started


August 2012 11

use the SIW template.

1698269 SIW: Misleading errormessage

This note is only needed ifyou install the optionalcomponent AIFX 701 and

use the SIW template.

1718473 SIW: Dump after leavingungenerated project

This note is only needed ifyou install the optionalcomponent AIFX 701 anduse the SIW template.
https://service.sap.com/sap/support/notes/1698269https://service.sap.com/sap/support/notes/1718473https://service.sap.com/sap/support/notes/1718473https://service.sap.com/sap/support/notes/1698269


12/52

2 SAP Application Interface Framework Overview


12 August 2012

2 SAP Application Interface FrameworkOverviewThe SAP Application Interface Framework enables you to develop and monitor interfaces aswell as execute error handling in a single framework residing in your SAP backend system.

Possible sources of demand for SAP Application Interface Framework are:

You have a complex, heterogeneous system landscape

You want to decouple technical and business aspects of your interfaces, thusenabling business users to perform error handling

You use different technologies to implement interfaces, so you have duplicate effortsfor implementing the same logic in multiple technologies

You have to use multiple monitoring tools for different basis technologies and wouldlike to use one tool to simplify the monitoring and error handling

You experience difficulties in enforcing interface implementation guidelines

You need to restrict access to interface data to fulfill your regulatory or companycompliance rules

SAP Application Interface Framework enables you to:

Implement interfaces in an easy and structured way mainly based on Customizing

Re-use interface building blocks (checks, structure mappings, value mappings,actions, functions) inside of multiple interfaces and for different basis technologies

Do functional instead of technical monitoring

Restrict interface data and error monitor access by flexible authorization rules

Enforce interface implementation guidelines

SAP Application Interface Framework provides you with the following functions:

A powerful framework for the implementation of interfaces A user-friendly transaction for interface monitoring and error handling

Tools for configuration and operations

The following chapters give an overview of the software components that are required withinthe SAP Application Interface Framework and its business scenarios.


13/52

2 SAP Appl ication Interface Framework Overview

2.1 Software Units o f the SAP Application Interface Framework

August 2012 13

2.1 Software Units of the SAP Application

Interface FrameworkThe following table contains the software units that you require to set up your systemlandscape:

Software Unit Release

SAP Application Interface Framework 2.0 (component AIF) 701

SAP NetWeaver 700, SP17 or above

If you want to use the Web-based Monitoring and Error Handlingtransaction, the ServiceImplementation Workbench (SIW) to generate AIF interfaces, or the integration with the Errorand Conflict Handler (ECH), the minimum requirements are the following:

Software Unit Release

SAP Application Interface Framework (component AIF) 701

SAP Application Interface Framework Extension (component AIFX) 701

SAP NetWeaver 731, SP01 or above

Make sure all the relevant and available support packages (SPs) andenhancement packages (EHPs) are also applied when any of the abovesoftware units are installed. For the latest component version and patch levelrequirements, see http://service.sap.com/sp-stacks .
http://service.sap.com/sp-stackshttp://service.sap.com/sp-stackshttp://service.sap.com/sp-stacks


14/52


14 August 2012

2.2 Software Component MatrixSupported Integration ScenariosThe SAP Application Interface Framework can be used on any SAP application systembased on SAP NetWeaver 7.0 SP17 (or above). This is why the Master Guide cannot coverall possible integration scenarios. Only a limited number of common integration scenarios arecovered:

Integration scenario SAP ERP

Integration scenario SAP SRM

Integration scenario SAP ERP + SAP CRM

IDoc integration scenarios

o Monitor existing IDocs in the Monitoring and Error Handlingtransaction

o Process IDocs using AIF and call an IDoc function module in an actiono Process IDocs using AIF and call a BAPI in an actiono Process IDocs using ALE and write index tables with the AIF enabler

With the SAP Application Interface Framework, you can use one or multiple interfacetechnologies (for example, proxy messages or IDocs) for integration and monitoring. For anyintegration scenario you are using, you need to make sure that the systems you want toconnect are capable of handling the chosen interface technology. You also need to makesure to use one of the interface technologies supported by the SAP Application InterfaceFramework or to implement the support for the chosen interface technology in the SAPApplication Interface Framework using a custom engine.

The table below shows the mapping of the software units to each of the integration scenariosto build a system landscape with the SAP Application Interface Framework. You can seewhich software units are mandatory and which other software units are optional to realizeeach integration scenario.

Integration Scenario SAP ERP

Software Unit InstallationObligatory orOptional

Comments

SAP Application Interface Framework add-on basedon SAP NetWeaver 7.0

Obligatory -

SAP NetWeaver 7.0 or the Enhancement Packages

for 7.0 Obligatory -

SAP NetWeaver PI 7.0 Optional -

SAP ERP 6.0 or the Enhancement Packages for 6.0 Obligatory -

Integration Scenario SAP SRM


Comments


Obligatory -

SAP NetWeaver 7.0 or the Enhancement Packages Obligatory -


15/52


2.2 Software Component Matrix

August 2012 15

for 7.0


SAP SRM 7.0 Obligatory -

Integration Scenario SAP ERP + SAP CRM


Comments


Obligatory -

SAP NetWeaver 7.0 or the Enhancement Packagesfor 7.0

Obligatory -


SAP ERP 6.0 or the Enhancement Packages for 6.0 Obligatory -

SAP CRM 7.0 Obligatory -

IDoc Integration Scenarios

There are multiple interface integration scenarios which can be built using IDoc technology.Depending on the integration scenario used, different features of the SAP ApplicationInterface Framework are available. It is possible to use multiples of these integrationscenarios for different interfaces.

The following four different scenarios, in which you can process and monitor IDocs, areavailable:

IDoc Scenario 1: Monitoring of existing IDocs in Monitoring and Error Handling IDoc Scenario 2: Processing IDocs using AIF and calling an IDoc function module in

an action IDoc Scenario 3: Processing IDocs using AIF and calling a BAPI in an action IDoc Scenario 4: Processing IDocs using ALE and writing index tables with the AIF

enabler

More detailed descriptions about these scenarios, as well as the corresponding features ofthe SAP Application Interface Framework 2.0, can be found in the Application Help(http://help.sap.com/aif, Technology Support -> IDoc Support -> IDoc Scenarios).

Based on your integration scenario, you can implement various business processes. TheSAP Application Interface Framework does not provide standard business processes.Instead, you have to implement your own business processes and corresponding interfacesusing the SAP Application Interface Framework.

This Master Guide provides just one way to implement each businessscenario. For other ways to implement business scenarios, see the Scenario& Process Component List in SAP Service Marketplace atht t p: / / servi ce. sap. com/ scl .The Scenario & Process Component Listhelps you to find realization alternatives for SAP solutions, businessscenarios, and processes. It shows you which application components areneeded to realize a business scenario or process.
http://help.sap.com/aifhttp://help.sap.com/aifhttp://service.sap.com/sclhttp://service.sap.com/sclhttp://service.sap.com/sclhttp://help.sap.com/aif


16/52


2.3 System Landscape

16 August 2012

2.3 System LandscapeThe SAP Application Interface Framework offers various system landscape options

depending on the customers business requirements and possible system deployments. Inthe following section, exemplary system deployments are presented with the characteristicsand restrictions of each case.

General

The integration scenarios involve at least 2 systems, that is, a legacy system and an SAPbackend system that contains the SAP Application Interface Framework. The integrationscenarios can optionally involve an SAP NetWeaver PI. The legacy system can be anysystem that is able to exchange information with directly with the SAP backend system orwith the SAP NetWeaver PI system. Every SAP application system based on SAPNetWeaver 7.0 SP17 (and above) is supported as the SAP backend system.

For any integration scenario you are using, you need to make sure that the systems you wantto connect are capable of handling the chosen interface technology.

In your business processes, the legacy system can act as sender or receiver of information.

As a sender, the legacy system is the data source and sends data directly to the SAP

backend system or to the SAP NetWeaver PI system.If you choose to use direct integration between the legacy system and the SAP backendsystem, data is sent directly from the legacy system to the SAP backend system.

If you choose to use SAP NetWeaver PI for integration, SAP NetWeaver PI can act as theinformation broker, provide security features, and offer many other technical integrationcapabilities. Here, the technical mapping of the data structures or technical formatconversions (for example, using existing adapters) can be executed. If the communicationchannel in your SAP NetWeaver PI is correctly configured, the message is sent to your SAPbackend system. The SAP Application Interface Framework resides within the SAP backendsystem and provides different additional features depending on the chosen integrationscenario.

If data is sent through the SAP NetWeaver PI system, you have the option to use differentinterface technologies for communication between the legacy system and SAP NetWeaver PIand between SAP NetWeaver PI and the SAP backend system. In this case, a technicalformat conversion needs to be done in SAP NetWeaver PI to translate from one interfacetechnology to the other.

In both scenarios, the SAP Application Interface Framework in the SAP backend systemprovides the monitoring and error handling functionality.

Note that the interface setting, mapping, interface variants, and error handlingsettings in the SAP Application Interface Framework are client-dependent.You have to make sure that message processing and error handling isexecuted in the correct client.

Legacy System

SAP NetWeaver PI

SAP BackendSystem

SAP ApplicationInterface

FrameworkAddOn


17/52



August 2012 17

As a receiver, the legacy system is the consumer of information sent by the SAP backendsystem using the SAP Application Interface Framework. When triggered manually or by anapplication, the SAP Application Interface Framework executes the mapping from the internalto the external structure and sends the information in the external format directly to the legacysystem or to SAP NetWeaver PI.

If you choose to use direct integration between the SAP backend system and the legacysystem, data is sent directly from the SAP backend system to the legacy system.

If you choose to use SAP NetWeaver PI for integration, SAP NetWeaver PI can act as theinformation broker, provide security features, and offer many other technical integrationcapabilities. Here, the technical mapping of the data structures or technical formatconversions (for example, using existing adapters) can be executed. If the communicationchannel in your SAP NetWeaver PI is correctly configured, the message is sent to the legacysystem.

If data is sent through the SAP NetWeaver PI system, you have the option to use differentinterface technologies for communication between the SAP backend system and SAPNetWeaver PI and between SAP NetWeaver PI and the legacy system. In this case, atechnical format conversion needs to be done in SAP NetWeaver PI to translate from oneinterface technology to the other.

Example 1: SAP Appli cation Interface Framework installed on SAP ERP

In this example, an SAP ERP system acts as the SAP backend system as described in thegeneral scenario above.

Example 2: SAP Appli cation Interface Framework installed on SAP SRM

In this example, an SAP SRM system acts as the SAP backend system as described in thegeneral scenario above.

Example 3: SAP Appli cation Interface Framework installed on SAP ERP and SAP CRM

Legacy System

SAP NetWeaver PI

SAP ERP


FrameworkAddOn

Legacy System

SAP NetWeaver PI

SAP SRM

SAP Appli cationInterface

FrameworkAddOn


18/52



18 August 2012

In this example, there is more than one SAP backend system. Every SAP backend systemrequires its own installation of the SAP Application Interface Framework.

We strongly recommend that you use a minimal system landscape for testand demo purposes only. For performance, scalability, high availability, andsecurity reasons, do notuse a minimal system landscape as your production

landscape.

Legacy System

SAP NetWeaver PI

SAP ERP


FrameworkAddOn

SAP CRM


FrameworkAddOn


19/52


2.4 Overall Implementation Sequence

August 2012 19

2.4 Overall Implementation SequencePurpose

The following table describes the overall installation sequence the SAP Application InterfaceFramework. This table contains all available software units.

For the latest component version and patch level requirements, see the Support PackageStack Guide on the SAP Service Marketplace at http://service.sap.com/.

For documentation listed in the following table, see References.

Process

Implementation Sequence

Step Action

[Required Documentation]

Remarks/Subsequent Steps

1 Perform the installation of component AIF701.

[SAP Note: 1747710]

2 Perform the (optional) installation ofcomponent AIFX 701.[SAP Note: 1747711]

3 Transport the delivered default Customizinginto target clients.

The delivered Customizing willbe imported only into client 000;from there you can copy it intoyour target clients.

4 Generate number ranges with report

/AIF/GENERATE_NUMBER_RANGES

Number ranges are not delivered

automatically; the mentionedreport does not overwriteexisting number ranges.

5 Read the FAQ for the SAP ApplicationInterface Framework.

[SAP Note: 1530212]

See this note for frequentlyasked questions about the stepsthat are necessary after theinstallation of the SAPApplication Interface Framework.

6 Customize settings for the SAP ApplicationInterface Framework.

[Application Help for the SAP ApplicationInterface Framework 701,in SAP Help Portal athttp://help.sap.com/

-> SAP Business Suite -> SAP ERP Add-Ons-> SAP Application Interface Framework]

Or directly at http://help.sap.com/aif

-
http://service.sap.com/https://service.sap.com/sap/support/notes/1747710https://service.sap.com/sap/support/notes/1747711https://service.sap.com/sap/support/notes/1530212http://help.sap.com/http://help.sap.com/http://help.sap.com/aifhttp://help.sap.com/aifhttp://help.sap.com/aifhttp://help.sap.com/https://service.sap.com/sap/support/notes/1530212https://service.sap.com/sap/support/notes/1747711https://service.sap.com/sap/support/notes/1747710http://service.sap.com/


20/52

3 Business Scenarios of the SAP Application Interface Framework

20 August 2012

3 Business Scenarios of the SAPApplication Interface Framework

The SAP Application Interface Framework tool does not provide its own business scenarios.When you develop interfaces with this tool, you can maintain the business processinformation in the SAP Solution Manager. For more information on how to maintain businessprocess information, view the documentation about Business Blueprints in the help of theSAP Solution Manager in the SAP Help Portal at http://help.sap.com/-> ApplicationLifecycle Management ->SAP Solution Manager -> SAP Solution Manager 7.0.
http://help.sap.com/http://help.sap.com/http://help.sap.com/


21/52

4 Security Considerations

August 2012 21

4 Security ConsiderationsThis section provides an overview of the security considerations that are specific to the SAPApplication Interface Framework.

The SAP Application Interface Framework is built on a SAP NetWeaver 700 system.Therefore, the corresponding security settings also apply to the SAP Application InterfaceFramework.

4.1 Fundamental Security GuidesFor a complete list of the available SAP security guides, see SAP Security Guides on SAPService Marketplace at http://service.sap.com/securityguide. The current versionof the SAP NetWeaver security guide, which deals with general security issues, is alsoavailable via this quick link.

Addi tional InformationFor more information about specific security topics, see the following locations on SAP Service

Marketplace as shown in the table below:

Content Location

Security http://service.sap.com/security

Security Guides http://service.sap.com/securityguide

Released Platforms http://service.sap.com/platforms

Network Security http://service.sap.com/securityguide

Infrastructure Security http://service.sap.com/securityguide

SAP Solution Manager http://service.sap.com/solutionmanager


22/52


22 August 2012

4.2 Authorization ObjectsThe SAP Application Interface Framework allows you to specify various authorization

settings. In the following sections, each authorization object is explained with its descriptionand technical attributes.

4.2.1 Authorization Object for InterfaceProcessing /AIF/PROC

DefinitionThe authorization object /AIF/PROC is used by the system to check the users authorizationfor processing a data message of a given interface in the SAP Application InterfaceFramework.

Authorization FieldsField Name Heading Authorization Object Setting

ACTVT Activity You can enter the following activities:Import (60)Export (61)Resubmit (A4)

/AIF/NS Namespace This field refers to a namespace in the SAPApplication Interface Framework

/AIF/IF Interface Name This field refers to an interface name in theSAP Application Interface Framework

/AIF/IFVER Interface Version This field refers to an interface version in theSAP Application Interface Framework

/AIF/VNS Variant Namespace This field refers to a variant namespace namein the SAP Application Interface Framework

/AIF/VNAME Name of InterfaceVariant

This field refers to a variant name in the SAPApplication Interface Framework

UsageMessages are processed by a specific user. This user requires the authorization to (re-)process data messages in the SAP Application Interface Framework.

The user PIAPPL is assigned the authorization to process data messages forall namespaces, interface names, interface versions, and if applicable, variantnamespace and name.


23/52


August 2012 23

4.2.2 Authorization Object for CustomizingSteps /AIF/CUST

DefinitionThe authorization object /AIF/CUST is used by the system to check the users authorizationfor a Customizing activity in the SAP Application Interface Framework.

Authorization Fields

Field Name Heading Authorization Object Setting

ACTVT Activity You can enter the following activities:Change (02)Display (03)


/AIF/MC Customizing view For available values, see table below

UsageThe field /AIF/NS can contain any namespace name. By specifying the namespace field, youcan limit the users authorization for Customizing activities to the specified namespaces.

An interface developer is authorized to create, edit, and delete interfaces innamespace X but not Y.

For the field name /AIF/MC, the following values are allowed:

Value Description

/AIF/NS Define Namespaces

/AIF/ACTIONS Define Actions

/AIF/CHECKS Define Checks

/AIF/RECTYPES Define Record Types

/AIF/FIXVALUES Define Fix Values

/AIF/VALMAPS Define Value Mappings

/AIF/V_FINF Define Interfaces

/AIF/SMAP Define Structure Mapping

/AIF/IFDET Interface Determination

/AIF/SYSNAMES Define Business Systems

/AIF/ERROR_HDL Error Handling -> Define Applications

/AIF/ERROR_GLB Error Handling -> Global Features

/AIF/ERROR_NS Error Handling -> Define Namespace-Dependent Features

/AIF/ERROR_IF Error Handling -> Define Interface-Dependent Features

/AIF/ALERT Error Handling -> Define Recipients

/AIF/V_VARIANT Interface Variants -> Define Interface Variants


24/52


24 August 2012

/AIF/V_IFKEY Interface Variants -> Define Interface Key Fields

/AIF/V_VA_ASSIGN Interface Variants -> Define Assigning Tables

/AIF/VARIANT_MAPPINGS Interface Variants -> Define Variant Mappings

4.2.3 Authorization Objects for Error Handl ing/AIF/ERR

DefinitionThe authorization object /AIF/ERR is used by the system to check the users authorization forerror handling in the SAP Application Interface Framework.



ACTVT Activity You can enter the following activities:Execute (16) (means selecting from index tables)

Archive (24) (means starting the archiving reportusing SARA)

Reload (25) (means restoring archived data usingSARA)Read (33)Write (34)

Display archive (56)Administer (70) (means qRFC monitoring)

Analyze (71) (means displaying application logmessages)Remove (75) (means canceling a message)Resubmit (A4) (means restarting a message)General overview (GL) (means XML monitoring)


/AIF/IF Interface Name This field refers to an interface name in the SAPApplication Interface Framework

/AIF/IFVER Interface Version This field refers to an interface version in the SAPApplication Interface Framework

UsageUsing the activity field, you specify the actions that a user can execute in the system. Youmight want to specify a user who only has read access to the transaction. You can furtherlimit the authorization by namespace, interface name, and interface version. As a result, theuser can execute the specified activities only for the defined namespace / interface name /interface version combination.


25/52


August 2012 25

4.2.4 Authorization Object for Technical ErrorHandling /AIF/TECH

DefinitionThe authorization object /AIF/TECH is used by the system to check the users authorizationfor the technical mode of error handling in the SAP Application Interface Framework.



ACTVT Activity You can enter the following activity:Activate (63)

UsageThis authorization object does not have any parameters or activities. If a user does not havethe authorization, the Technical Mode checkbox in the selection screen and the TechnicalMode pushbutton in the main screen of the Monitoring and Error Handlingtransaction arehidden.

4.2.5 Authorization Object for EmergencyCorrections /AIF/EMC

DefinitionThe authorization object /AIF/EMC is used by the system to check the users authorization foremergency corrections in the error handling of the SAP Application Interface Framework.

Authorization FieldsField Name Heading Authorization Object Setting

ACTVT Activity You can enter the following activities:Execute (16)Read (33)Write (34)Administer (70)Analyze (71)Remove (75)Resubmit (A4)General overview (GL)


UsageUsing the activity field, you specify the actions the user can execute in emergency correctionmode in the Monitoring and Error Handlingtransaction. You can further limit the authority toexecute the actions in emergency correction mode based on the interface namespace.

When executing the Monitoring and Error Handlingtransaction, the user first has to enter anamespace and press the ENTER key. The system then checks the authorization foremergency corrections and displays the Emergency Correction Modecheckbox, if applicable.


26/52


26 August 2012

4.2.4 Authorization Objects for CustomFunctions /AIF/CFUNC

DefinitionThe authorization object /AIF/CFUNC is used by the system to check the users authorizationfor custom functions for error handling in the SAP Application Interface Framework.



ACTVT Activity You can enter the following activities:

Create or generate (01)

Change (02)

Display (03)

Delete (06)Execute (16) (means executing in the Monitoring andError Handlingtransaction)




/AIF/NSREC Namespace ofRecipient

Not used at the moment; enter *

/AIF/VISI Visibility Not used at the moment; enter *

/AIF/OTHUS Authorization forother users


UsageUsing the activity field, you specify the actions the user can execute in Custom Functionsinthe Monitoring and Error Handlingtransaction and the corresponding maintenance views forcustom functions.

4.2.4 Authorization Objects for Custom Hints/AIF/HINTS

DefinitionThe authorization object /AIF/HINTS is used by the system to check the users authorizationfor custom hints for error handling in the SAP Application Interface Framework.





27/52


August 2012 27

Create or generate (01)

Change (02)

Display (03)

Delete (06)




/AIF/NSREC Namespace ofRecipient


/AIF/VISI Visibility Not used at the moment; enter *

/AIF/OTHUS Authorization forother users Not used at the moment; enter *

UsageUsing the activity field, you specify the actions the user can execute in Custom Hintsin theMonitoring and Error Handlingtransaction and the corresponding maintenance views of thecustom hints.

4.2.4 Authorization Object for Interface

Determination /AIF/IFDETDefinitionThe authorization object /AIF/IFDET is used by the system to check the users authorizationfor maintaining interface determination in the SAP Application Interface Framework.



/AIF/IDTY ApplicationEngine Identifier

Type of application engine:000: Proxy

001: IDoc

002: XML003: Test File

004: ECH

/AIF/NS Namespace Namespace of a customer-specific engine

/AIF/IDCTY Identifier for aCustomer-Specific AIFInterface Type

Identifier of a customer-specific engine

/AIF/IDN1 Name 1 ofInterface Type

First key field of an engine


28/52


28 August 2012

/AIF/IDN2 Name 2 ofInterface Type

Second key field of an engine

ACTVT Activity You can enter the following activity:Create or generate (01)

Change (02)

Display (03)

Delete (06)

UsageUsing the activity field, you specify the actions the user can execute in the correspondingmaintenance views of interface determination.

4.2.6 Authorization Object for Value MappingMaintenance /AIF/VMAP

DefinitionThe authorization object /AIF/VMAP is used by the system to check the users authorizationto display and / or update value mappings in the value mapping transaction of the SAPApplication Interface Framework.




Change (02)Display (03)


/AIF/VMAP Value Mapping This field refers to a value mapping name inthe SAP Application Interface Framework

/AIF/BSKEY Key Name of BusinessSystem

This field refers to a business system name

UsageThe authorization object protects the display/update of value mappings.

The authorization will be checked only in the value mapping transaction/AIF/VMAP (and derived transaction variants), not in the Customizing activityDefine Value Mappings.


29/52


August 2012 29

4.3 Template RolesThe SAP Application Interface Framework provides predefined template roles that you canchange or copy in order to define roles for your specific requirements.

4.3.1 Single RolesThe single roles delivered with the SAP Application Interface Framework provide suggestionsfor the combination of different authorization objects and values in a role to fulfill a specifictask.

4.3.1.1 /AIF/CORRECT_DATAYou assign the role /AIF/CORRECT_DATA to users who are responsible for data consistencyin the SAP Application Interface Framework. The user has the authority to examine interfacedata, correct inconsistencies, and execute the Monitoring and Error Handlingtransaction.You could also assign this role to a batch user that is used to execute the Data CorrectionReporton a regular basis as a background job.

The template role contains the following authorization data:Author izationObject

Field Values

S_TCODE TCD (Transaction Code) /AIF/CORRECTIONS, /AIF/IDXTBL

/AIF/ERR /AIF/NS (Namespace) (no value predefined)

/AIF/IF (Interface Name) (no value predefined)

/AIF/IFVER (InterfaceVersion)

(no value predefined)

ACTVT (Activity) 16 (Execute)

Note that the values for namespace, interface name, and interface version arenot predetermined. In order to use the role, you have to fill these fields withyour custom names.

4.3.1.2 /AIF/CUST_CHANGEYou assign the role /AIF/CUST_CHANGE to users who have the responsibility to maintainCustomizing for the SAP Application Interface Framework. This involves changing interfacedata, error handling settings, as well as interface variants. The user does not have theauthorization to process message data or change values in the Monitoring and ErrorHandlingtransaction.

The template role contains the following authorization data:

Author izationObject

Field Values

S_TCODE TCD (Transaction Code) /AIF/CUST, /AIF/CUST_OVERVIEW,/AIF/CUST_SMAP_COPY,/AIF/DEL_STRUC_CACHE,/AIF/IF_TRACE, /AIF/RECIPIENTS

/AIF/CUST /AIF/NS (Namespace) (no value predefined)

/AIF/MC (Customizingview)

/AIF/ACTIONS, /AIF/ALERT,/AIF/CHECKS, /AIF/ERROR_GLB,/AIF/ERROR_HDL, /AIF/ERROR_IF,/AIF/ERROR_NS, /AIF/FIXVALUES,


30/52


30 August 2012

/AIF/IFDET, /AIF/NS, /AIF/RECTYPES,/AIF/SMAP, /AIF/T_TRACE_LV,/AIF/VALMAPS,/AIF/VARIANT_MAPPINGS,/AIF/V_FINF, /AIF/V_FINF_TL,/AIF/V_IFKEY, /AIF/V_SYSNAMES,/AIF/V_VARIANT, /AIF/V_VA_ASSIGN

ACTVT (Activity) 02 (Change), 03 (Display)





ACTVT (Activity) 16 (Execute), 33 (Read)

S_TABU_DIS ACTVT (Activity) 02 (Change), 03 (Display)

DICBERCLS(Authorization Group)

AIF


4.3.1.3 /AIF/CUST_DISPLAYYou assign the role /AIF/CUST_DISPLAY to users who require display authorization forCustomizing for the SAP Application Interface Framework. This involves read access tointerface data, error handling settings, as well as interface variants. The role is designed for

business users with a technical background, who need to understand the steps in themapping, or interface developers after the development of a specific interface is finished.

Note that you can also limit the Customizing views that the user can display,for example, only value mappings in a specific namespace.



Field Values

S_TCODE TCD (Transaction Code) /AIF/CUST, /AIF/CUST_OVERVIEW,/AIF/IF_TRACE, /AIF/RECIPIENTS

/AIF/CUST /AIF/NS (Namespace) (no value predefined)/AIF/MC (Customizingview)

/AIF/ACTIONS, /AIF/ALERT, /AIF/CHECKS,/AIF/ERROR_GLB, /AIF/ERROR_HDL,/AIF/ERROR_IF, /AIF/ERROR_NS,/AIF/FIXVALUES, /AIF/IFDET, /AIF/NS,/AIF/RECTYPES, /AIF/SMAP,/AIF/T_TRACE_LV, /AIF/VALMAPS,/AIF/VARIANT_MAPPINGS, /AIF/V_FINF,/AIF/V_FINF_TL, /AIF/V_IFKEY,/AIF/V_SYSNAMES, /AIF/V_VARIANT,/AIF/V_VA_ASSIGN

ACTVT (Activity) 03 (Display)


31/52


August 2012 31



/AIF/IFVER (Interface

Version)


ACTVT (Activity) 16 (Execute), 33 (Read)

S_TABU_DIS ACTVT (Activity) 03 (Display)

DICBERCLS (AuthorizationGroup)

AIF


4.3.1.4 /AIF/DATA_CHANGE_LOGYou assign the role /AIF/DATA_CHANGE_LOG to users who have the responsibility to checkthe changes made to the messages contents in the Monitoring and Error Handlingtransaction by a business user. This user has the authorization to execute the Monitoring andError Handlingtransaction, as well as execute the Error Handling Changes Logto analyzethe changes.

Note that a user with this role might have access to personal information, forexample, which user changed a specific part of a data message at a certaintime.



Field Values

S_TCODE TCD (Transaction Code) /AIF/EDCHANGES





ACTVT (Activity) 16 (Execute)


4.3.1.5 /AIF/ERRHDL_CHANGEYou assign the role /AIF/ERRHDL_CHANGE to users who have the responsibility to carry outerror handling, make changes to predefined fields of data messages, and/or resubmit orcancel data messages. Users with this role can also view the Monitoring and Error Handlingtransaction in the technical mode, which allows them, for example, to transform the messagefor test reasons. Note that this role does not include the authorization to display or maintainvalue mappings. It is recommended to assign this role on the basis of specific namespaces /interface names / interface versions to make sure that the user has the knowledge andauthority to change the corresponding data messages.



32/52


32 August 2012


Field Values

S_TCODE TCD (Transaction Code) /AIF/ERR, /AIF/ERR_BASE,/AIF/IFMON





ACTVT (Activity) 16 (Execute), 33 (Read), 34 (Write), 70(Administer), 71 (Analyze), 75(Remove), A4 (Resubmit), GL (Generaloverview)

/AIF/TECH ACTVT (Activity) 63 (Activate)


4.3.1.6 /AIF/ERRHDL_CHANGE_EMCYou assign the role /AIF/ERRHDL_CHANGE_EMC to users who have the responsibility tocarry out emergency corrections in the error handling, that is, make changes to any field inthe data messages and/or resubmit or cancel them.

When executing the Monitoring and Error Handlingtransaction, the user with this role will firsthave to enter a namespace and press the ENTER key. The system will then check theauthorization for emergency corrections and display the Emergency Correction Mode

checkbox, if applicable. This role will also allow the user to use the technical mode in theMonitoring and Error Handling transaction.

Note that this role allows making changes in message fields that are notexplicitly released for changes. It is recommended not to assign this role tonormal business users but only to users who are properly trained and trustedto carry out emergency corrections for an interface.



Field Values

S_TCODE TCD (Transaction Code) /AIF/ERR, /AIF/ERR_BASE,

/AIF/IFMON

/AIF/EMC /AIF/NS (Namespace) (no value predefined)

ACTVT 16 (Execute), 33 (Read), 34 (Write), 70(Administer), 71 (Analyze), 75(Remove), A4 (Resubmit), GL (Generaloverview)






33/52


August 2012 33

ACTVT (Activity) 16 (Execute), 33 (Read), 34 (Write), 70(Administer), 71 (Analyze), 75(Remove), A4 (Resubmit), GL (Generaloverview)


Note that the values for namespace, value mapping, and key name ofbusiness system are not predetermined. In order to use the role, you have tofill these fields with your custom names.

4.3.1.7 /AIF/ERRHDL_DISPLAYYou assign the role /AIF/ERRHDL_CHANGE to users who have the responsibility to analyzemessage data for error handling but are not authorized to change message data or reprocess/ cancel the messages. Users with this role can also view the Monitoring and Error Handlingtransaction in the technical mode, which allows them to transform the message for test

reasons.The template role contains the following authorization data:


Field Values

S_TCODE TCD (Transaction Code) /AIF/ERR, /AIF/ERR_BASE,/AIF/IFMON





ACTVT (Activity) 16 (Execute), 33 (Read), GL (Generaloverview)



4.3.1.8 /AIF/ERRHDL_DISPLAY_EMCYou assign the role /AIF/ERRHDL_DISPLAY_EMC to users who have the responsibility ofanalyzing message data for error handling in emergency correction mode but are notauthorized to change message data or reprocess / cancel the messages. Users with this rolecan also view the Monitoring and Error Handlingtransaction in the technical mode, whichallows them to transform the message for test reasons.

Note that users with this role have the authorization to view and select theemergency correction checkbox but not to carry out emergency corrections,since they only have read access to the data.



Field Values

S_TCODE TCD (Transaction Code) /AIF/ERR, /AIF/ERR_BASE,


34/52


34 August 2012

/AIF/IFMON

/AIF/EMC /AIF/NS (Namespace) (no value predefined)

ACTVT 16 (Execute), 33 (Read), GL (General

overview)/AIF/ERR /AIF/NS (Namespace) (no value predefined)




ACTVT (Activity) 16 (Execute), 33 (Read), GL (Generaloverview)



4.3.1.9 /AIF/LOG_DISPLAYYou assign the role /AIF/LOG_DISPLAY to users who have the responsibility to check themessages in the application log raised by the SAP Application Interface Framework but donot necessarily have to execute the error handling transaction.

Note that users with this authorization can access the log messages fromdata messages of any interface.



Field Values

S_TCODE TCD (Transaction Code) /AIF/LOG

4.3.1.10 /AIF/MESSAGE_NOTIFICATIONYou assign the role /AIF/MESSAGE_NOTIFICATION to users who should be able to run theMessage Overview Notificationreport.



Field Values

S_TCODE TCD (Transaction Code) /AIF/MSGNOTI

4.3.1.11 /AIF/MSG_STAT_SNAP_SHOTYou assign the role /AIF/MSG_STAT_SNAP_SHOT to users who have the responsibility tocreate or display snapshots of statistics and summary data for messages in the SAPApplication Interface Framework.

Note that users with this authorization can access the statistics data for allavailable interfaces and can find out how the recipient assignment isconfigured in the system.



35/52


August 2012 35


Field Values

S_TCODE TCD (Transaction Code) /AIF/DISPMSGSNAP,/AIF/GENMSGSNAP

4.3.1.12 /AIF/PERFORMANCE_ANALYSISYou assign the role /AIF/PERFORMANCE_ANALYSIS to users who have the responsibilityto monitor or analyze the performance of the operations executed by the SAP ApplicationInterface Framework. The role allows access to the Performance Analysis Helptransaction.This role is recommended for interface developers during implementation of the interface andsystem administrators responsible for monitoring system performance.



Field Values

S_TCODE TCD (Transaction Code) /AIF/PERFORMANCE





ACTVT (Activity) 16 (Execute), 71 (Analyze)


4.3.1.13 /AIF/PROCESS_INBYou assign the role /AIF/PROCESS_INB to the users who are required to process inboundinterface data. This could either be a batch user responsible for message processing or adialog user under whose name the message is processed.



Field Values

/AIF/PROC /AIF/NS (Namespace) (no value predefined)


/AIF/IFVER (InterfaceVersion) (no value predefined)

/AIF/VNS (VariantNamespace)


/AIF/VNAME (Name ofinterface variant)


ACTVT (Activity) 60 (Import)

Note that the values for namespace, interface name, interface version, variantnamespace, and interface variant name are not predetermined. In order touse the role, you have to fill these fields with your custom names.


36/52


36 August 2012

4.3.1.14 /AIF/PROCESS_OUTBYou assign the role /AIF/PROCESS_OUTB to the users who are required to processoutbound interface data. This could either be a batch user responsible for messageprocessing or a dialog user under whose name the message is processed.



Field Values









ACTVT (Activity) 61 (Export)


4.3.1.15 /AIF/PROCESS_RESYou assign the role /AIF/PROCESS_RES to the users who are responsible for restartingmessages as part of the error handling. Note that the SAP Application Interface Framework

does not differentiate between restarting unchanged data messages and restarting datamessages that have been changed as part of the error handling.



Field Values





/AIF/VNS (Variant

Namespace)




ACTVT (Activity) A4 (Resubmit)


4.3.1.16 /AIF/SWITCH_FRAMEWORK


37/52


August 2012 37

You assign the role /AIF/SWITCH_FRAMEWORK to users who should be able to access theSAP Application Interface Framework internal switch framework.


Author ization

Object

Field Values

S_TCODE TCD (Transaction Code) /AIF/MYTRANSPORTS,/AIF/NEWDEVIDS, /AIF/NEWDEVPRO,/AIF/TOPICDEF, /AIF/TOPICSTATUS,/AIF/TOPICSTATUSH,/AIF/TOPICSTATUSHALL,/AIF/TOPICSTATUSINIT,/AIF/USERATTR, /AIF/USERMGR,/AIF/USERMGR2

4.3.1.17 /AIF/TEST_TOOL

You assign the role /AIF/TEST_TOOL to users who should be able to run the Interface TestTool. Since this report allows processing of self-defined data for any interface, it isrecommended not to use or to strictly limit access to this role in a productive system. Thisrole is suggested for interface developers who need to test their interfaces.



Field Values

/AIF/T_CODE TCD (Transaction Code) /AIF/IFTEST



/AIF/IFVER (InterfaceVersion) (no value predefined)





ACTVT (Activity) 61 (Export)


4.3.1.18 /AIF/VMAP_CHANGEYou assign the role /AIF/VMAP_CHANGE to users who are responsible for maintaining valuemappings in a specific namespace and/or for a specific business system.



Field Values

/AIF/T_CODE TCD (Transaction Code) /AIF/VMAP, /AIF/VMAP_BASE

/AIF/VMAP /AIF/NS (Namespace) (no value predefined)

/AIF/VMAP (Value (no value predefined)


38/52


38 August 2012

Mapping)

/AIF/BSKEY (Key Name ofBusiness System)


ACTVT (Activity) 02 (Change), 03 (Display)


4.3.1.19 /AIF/VMAP_DISPLAYYou assign the role /AIF/VMAP_CHANGE to users who should be able to analyze, but notchange, value mappings in a specific namespace and/or for a specific business system.



Field Values

/AIF/T_CODE TCD (Transaction Code) /AIF/VMAP, /AIF/VMAP_BASE

/AIF/VMAP /AIF/NS (Namespace) (no value predefined)

/AIF/VMAP (ValueMapping)


/AIF/BSKEY (Key Name ofBusiness System)


ACTVT (Activity) 03 (Display)


4.3.1.19 /AIF/ARC_CREATEYou assign the role /AIF/ARC_CREATE to users who should be able to create archives of theXML persistence in a specific namespace or interface.


Author izationObject Field Values

/AIF/T_CODE TCD (Transaction Code) SARA





ACTVT (Activity) 56 (Display Archive)

S_ADMI_FCD S_ADMI_FCD (no value predefined)

S_ARCHIVE ACTVT 01, 02, 03


39/52


August 2012 39

APPLIC $APPLIC

ARCH_OBJ /AIF/PERSX

S_BTCH_JOB JOBACTION *

JOBGROUP *

S_BTCH_NAM BTCUNAME (no value predefined)


4.3.1.19 /AIF/ARC_DISPLAYYou assign the role /AIF/ARC_DISPLAY to users who should be able to display archives ofthe XML persistence in a specific namespace or interface.



Field Values




/AIF/IFVER (Interface

Version)


ACTVT (Activity) 56 (Display Archive)


S_ARCHIVE ACTVT 03

APPLIC $APPLIC

ARCH_OBJ /AIF/PERSX

S_BTCH_JOB JOBACTION (no value predefined)

JOBGROUP (no value predefined)

S_BTCH_NAM BTCUNAME(no value predefined)


4.3.1.19 /AIF/ARC_RELOADYou assign the role /AIF/ARC_RELOAD to users who should be able to reload data fromarchives of the XML persistence in a specific namespace or interface.



40/52


40 August 2012


Field Values


/AIF/ERR /AIF/NS (Namespace) (no value predefined)/AIF/IF (Interface Name) (no value predefined)



ACTVT (Activity) 25 (Reload)


S_ARCHIVE ACTVT 01, 02, 03

APPLIC $APPLIC

ARCH_OBJ /AIF/PERSX

S_BTCH_JOB JOBACTION (no value predefined)

JOBGROUP (no value predefined)

S_BTCH_NAM BTCUNAME (no value predefined)



41/52


August 2012 41

4.3.2 Composite Roles

4.3.2.1 /AIF/ADMINISTRATOR

PurposeYou assign the role /AIF/ADMINISTRATOR to users who are responsible for systemadministration. The role involves all authorizations required to analyze system operations. Itincludes read access to the Customizing (though you might want to exchange/AIF/CUST_DISPLAY with /AIF/CUST_CHANGE if the administrator is responsible for errorhandling application setup), as well as read access to the error handling application, valuemappings, error handling change data, and application log messages. Additionally, the roleallows performance analysis and the creation or display of snapshots for messages in theSAP Application Interface Framework.

Contained Roles/AIF/ADMINISTRATOR is composed of the single roles

/AIF/CUST_DISPLAY

/AIF/DATA_CHANGE_LOG

/AIF/ERRHDL_DISPLAY

/AIF/LOG_DISPLAY

/AIF/MESSAGE_NOTIFICATION

/AIF/MSG_STAT_SNAP_SHOT

/AIF/PERFORMANCE_ANALYSIS

/AIF/SWITCH_FRAMEWORK

/AIF/VMAP_DISPLAY /AIF/ARC_CREATE

/AIF/ARC_DISPLAY

4.3.2.2 /AIF/DATA_FIXER

PurposeYou assign the role /AIF/DATA_FIXER to users who are responsible for data consistency inthe SAP Application Interface Framework. For more information, see the documentation for

the single role /AIF/CORRECT_DATA.Contained Roles/AIF/DATA_FIXER contains the single role /AIF/CORRECT_DATA.

4.3.2.3 /AIF/INTERFACE_DEVELOPER

PurposeYou assign the role /AIF/INTERFACE_DEVELOPER to users who are responsible forinterface development. This role is recommended for all interface developers in thedevelopment phase. The role involves authorization to change Customizing, which is requiredto develop interfaces in the SAP Application Interface Framework. Additionally, the roleinvolves access to the functions of normal business users (role /AIF/BUSINESS_USER), the

Interface Test Tool, the application log messages, and the Performance Analysistool.


42/52


42 August 2012

Note that you might want to limit the Customizing views the user can access.Also be aware that the role /AIF/INTERFACE_DEVELOPER does not includethe developer role in the system. If the user is required to create function

modules, classes, or other development objects, the correspondingauthorization has to be assigned additionally.

Contained Roles/AIF/INTERFACE_DEVELOPER is composed of the following single roles:

/AIF/CUST_CHANGE

/AIF/ERRHDL_CHANGE

/AIF/ERRHDL_DISPLAY

/AIF/LOG_DISPLAY


/AIF/PROCESS_INB

/AIF/PROCESS_OUTB

/AIF/PROCESS_RES

/AIF/TEST_TOOL

/AIF/VMAP_CHANGE

/AIF/VMAP_DISPLAY

4.3.2.4 /AIF/KEY_USER

PurposeYou assign the role /AIF/KEY_USER to users who are responsible for extended errorhandling. This role is recommended for users who have to carry out critical error handlingoperations that are not allowed for normal error handling as with the role/AIF/BUSINESS_USER. In addition to the authorizations of the role /AIF/BUSINESS_USER,this role includes the authorization to make error corrections in emergency mode.Additionally, the users can run the Interface Test Tool, generate and display messagesnapshots, and display log messages in the application log raised by the SAP ApplicationInterface Framework.

Note that users with this authorization can access the log messages fromdata messages of any interface using transaction /AIF/LOG.

Contained Roles/AIF/KEY_USER is composed of the single roles

/AIF/ERRHDL_CHANGE_EMC

/AIF/ERRHDL_DISPLAY_EMC

/AIF/LOG_DISPLAY



/AIF/PROCESS_INB

/AIF/PROCESS_OUTB


43/52


August 2012 43

/AIF/PROCESS_RES

/AIF/TEST_TOOL

/AIF/VMAP_CHANGE

/AIF/VMAP_DISPLAY

/AIF/ARC_CREATE

/AIF/ARC_DISPLAY

4.3.2.5 /AIF/BUSINESS_USER

PurposeYou assign the role /AIF/BUSINESS_USER to users who are responsible for error handling.This role is recommended for all normal business users. It includes the authorization todisplay and change fields of the message data in the Monitoring and Error Handlingtransaction, restart and/or cancel data messages, and maintain value mappings. The role

does not include the authorization to carry out emergency corrections, view the Monitoringand Error Handlingtransaction in technical mode, or display / change the configuration orinterface Customizing.

Note that you can limit the authorization to specific namespaces / interfacenames / interface versions.

Contained Roles/AIF/BUSINESS_USER is composed of the single roles

/AIF/ERRHDL_CHANGE

/AIF/ERRHDL_DISPLAY

/AIF/PROCESS_INB

/AIF/PROCESS_OUTB

/AIF/PROCESS_RES

/AIF/VMAP_CHANGE

/AIF/VMAP_DISPLAY

4.3.2.6 /AIF/ALL

PurposeYou assign the role /AIF/ALL to users who require read and write access to all parts of the

SAP Application Interface Framework. Users with this role can configure the SAP ApplicationInterface Framework, maintain interfaces, value mappings and interface variants, processmessages, and access log overviews. From a security perspective, it is not recommended toassign this role.

Contained Roles/AIF/ALL is composed of the following single roles:

/AIF/CORRECT_DATA

/AIF/CUST_CHANGE

/AIF/CUST_DISPLAY

/AIF/DATA_CHANGE_LOG


44/52


44 August 2012

/AIF/ERRHDL_CHANGE

/AIF/ERRHDL_CHANGE_EMC

/AIF/ERRHDL_DISPLAY

/AIF/ERRHDL_DISPLAY_EMC

/AIF/LOG_DISPLAY




/AIF/PROCESS_INB

/AIF/PROCESS_OUTB

/AIF/PROCESS_RES

/AIF/SWITCH_FRAMEWORK

/AIF/TEST_TOOL

/AIF/VMAP_CHANGE

/AIF/VMAP_DISPLAY

/AIF/ARC_CREATE

/AIF/ARC_DISPLAY

/AIF/ARC_RELOAD


45/52


August 2012 45

4.4 Interface- and Key-Field-Specific

AuthorizationsUsing the available Customizing activities within the SAP Application Interface Framework,you are able to set up interface-specific and key field-specific authorizations. This lets youspecify authorizations on the basis of a single messages content. Assume, for example, thata data message includes a plant and a business system identifier. A business user isresponsible only for a specific plant / business system combination, so they should only beallowed to display and/or change messages for their combination.

To achieve this, you have to do two things:

1. Specify the fields that are relevant for authorizations as key fields and include them ina custom single index table.

2. Create a custom authorization object.

The steps required to define key fields are described in the system documentation of thecorresponding Customizing activities. The authorization object needs to fulfill the followingrequirements:

It requires a field called ACTVT

The available activities in the ACTVT field must be the same as for the authorizationobject /AIF/ERR

It requires one field for each key field that serves as the basis for the authorization


46/52


46 August 2012

4.5 Considerations about Data ProtectionAs a technical framework that allows changing business-critical interface data, the SAPApplication Interface Framework is required to save user-related information that could be

marked as personal, private, or confidential. The access to this information is limited byauthorizations. The following user-related or potentially confidential data is saved and couldbe accessed using the SAP Application Interface Framework.

4.5.1 Single or Multi Message Index TableThe single or multi message index tables, which record aggregated information on a per-data-message-level, contain fields for the following:

The user name of the user that processed the message, along with the date and timeof initial message processing

The user name of the user that last changed the message (restarted or cancelled it),along with the date and time of the action

Data in the single or multi index tables is not visible on any screen within the SAP ApplicationInterface Framework. It can only be accessed through direct database query or the ABAPdictionary.

4.5.2 Log of Changes in the Error HandlingChanges to a data messages field values that originated from the Monitoring and ErrorHandlingtransaction are recorded in a log table. The following information is saved:

The name and path of the changed field along with the old and new value

The user name of the user who initiated the change along with the date and time ofthe change

The changes log data can be viewed in the Error Handling Changes Logtransaction. This

transaction is protected by authorization object S_TCODE. The transaction enables the userto see a list of changes. Only when the user selects a change log entry and chooses to viewthe details, is the user name of the user who made the change displayed.

4.5.3 Information Contained in Interface DataDepending on your interfaces, message data might contain personal, private, or confidentialinformation. This information will be accessible by all users who have the authorization todisplay or change messages of the interface in the Monitoring and Error Handlingtransaction.If you identify such information and do not want the information to be available for errorhandling, you can define the corresponding structures as Hide Structures. You can do this inCustomizing for the SAP Application Interface Framework under Namespace-SpecificFeatures.


47/52

5 References

August 2012 47

5 ReferencesList of Documents

The following table lists all documents mentioned in this Master Guide that are relevant to theSAP Application Interface Framework.

Title Where to Find

Implementation Guide (IMG) for theApplication Interface Framework 700

In the SAP Application Interface Frameworksystem(s), execute Transaction /AIF/CUST

Application Help for the SAPApplication Interface Framework

SAP Help Portal at http://help.sap.com/

-> SAP Business Suite -> SAP ERP Add-On ->SAP Application Interface Framework

List of SAP Notes

The following table lists all SAP Notes mentioned in this Master Guide.

SAP Note Number Title Descripti on

1747710 AIF 701: Installation Note See this note for the detailedinformation about installing the maincomponent of SAP ApplicationInterface Framework 2.0

1747711 AIFX 701: Installation Note See this note for the detailedinformation about installing theoptional component of SAPApplication Interface Framework 2.0

1530212 SAP Application InterfaceFramework FAQ

See this note for frequently askedquestions about the SAP Application

Interface Framework


In a dynamic document, as it is usedin the Interface Overview transactionof the SAP Application InterfaceFramework, form elements such aspushbuttons, input fields, selectionlists, and hyperlinks respond severaltimes to an event.

1684718 WDA: Transaction WDYID -Configuration ID is lost

Only needed if you install the optionalcomponent AIFX 701 and useMonitoring and Error Handling (Web)from the SAP Easy Access menu.


In a dynamic document, as it is usedin the Interface Overview transactionof the SAP Application InterfaceFramework, form elements such aspushbuttons, input fields, selectionlists, and hyperlinks respond severaltimes to an event.

1726101 Tables with more then fivekey elements are notsupported

This note is only needed if you installthe optional component AIFX 701and use the Service ImplementationWorkbench (SIW) template.
https://service.sap.com/sap/support/notes/1747710https://service.sap.com/sap/support/notes/1747711http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=DISPL_TXT&_NNUM=1530212http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=DISPL_TXT&_NNUM=1241303https://service.sap.com/sap/support/notes/1684718https://service.sap.com/sap/support/notes/1241303https://service.sap.com/sap/support/notes/1726101https://service.sap.com/sap/support/notes/1726101https://service.sap.com/sap/support/notes/1241303https://service.sap.com/sap/support/notes/1684718http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=DISPL_TXT&_NNUM=1241303http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=DISPL_TXT&_NNUM=1530212https://service.sap.com/sap/support/notes/1747711https://service.sap.com/sap/support/notes/1747710


48/52

5 References

48 August 2012

1705786 SIW: Language conflict withLOCAL packages

This note is only needed if you installthe optional component AIFX 701and use the SIW template.

1698269 SIW: Misleading errormessage


1718473 SIW: Dump after leavingungenerated project

https://service.sap.com/sap/support/notes/1705786https://service.sap.com/sap/support/notes/1698269https://service.sap.com/sap/support/notes/1718473https://service.sap.com/sap/support/notes/1718473https://service.sap.com/sap/support/notes/1698269https://service.sap.com/sap/support/notes/1705786


49/52

6 Media List

August 2012 49

6 Media ListAll deliverables for the SAP Application Interface Framework 700 are shipped electronicallyand no shipment is made via DVDs (or similar kind of data carrier media).


50/52

7 Release Availability Information

50 August 2012

7 Release Availabili ty InformationFor more information about currently avail

AIF20 Master Guide

Documents

Transcript of AIF20 Master Guide