You are on page 1of 52

Master Guide

SAP Application Interface Framework 2.0


Using SAP AIF 701 and SAP AIFX 701
Target Audience
Consultants
Administrators
Others

Public
Document version 1.0 08/29/2012

Master Guide SAP Application Interface Framework 2.0

History of Changes
The Master Guide is regularly updated in SAP Service Marketplace at
http://service.sap.com/instguides.
Make sure you have the latest version of the Master Guide by checking SAP
Service Marketplace immediately before starting the installation.
The following table provides an overview of the most important changes that were made in
the latest versions.
Master Guide Version

Important Changes

1.00 (August 29, 2012)

First release of this Master Guide

August 2012

Master Guide SAP Application Interface Framework 2.0

Contents
History of Changes ................................................................................ 2

1 Getting Started................................................................................. 5
1.1 About this Document ....................................................................... 5
1.2 Related Information ......................................................................... 7
1.2.1 Planning Information .......................................................................... 7
1.2.2 Further Useful Links ........................................................................... 7
1.2.3 Related Master Guides........................................................................ 8
1.2.4 Related Operations Information ......................................................... 8

1.3 Important SAP Notes ..................................................................... 10

2 SAP Application Interface Framework Overview .......................12


2.1 Software Units of the SAP Application Interface Framework .... 13
2.2 Software Component Matrix ......................................................... 14
2.3 System Landscape ......................................................................... 16
2.4 Overall Implementation Sequence ............................................... 19

3 Business Scenarios of the SAP Application Interface


Framework ........................................................................................20
4 Security Considerations ...............................................................21
4.1 Fundamental Security Guides ...................................................... 21
4.2 Authorization Objects .................................................................... 22
4.2.1 Authorization Object for Interface Processing /AIF/PROC ............ 22
4.2.2 Authorization Object for Customizing Steps /AIF/CUST ................ 23
4.2.3 Authorization Objects for Error Handling /AIF/ERR ....................... 24
4.2.4 Authorization Object for Technical Error Handling /AIF/TECH ..... 25
4.2.5 Authorization Object for Emergency Corrections /AIF/EMC ......... 25
4.2.4 Authorization Objects for Custom Functions /AIF/CFUNC ............ 26
4.2.4 Authorization Objects for Custom Hints /AIF/HINTS ...................... 26
4.2.4 Authorization Object for Interface Determination /AIF/IFDET ....... 27
4.2.6 Authorization Object for Value Mapping Maintenance
/AIF/VMAP ................................................................................................... 28

4.3 Template Roles ............................................................................... 29


4.3.1 Single Roles ....................................................................................... 29
4.3.2 Composite Roles ............................................................................... 41

4.4 Interface- and Key-Field-Specific Authorizations ....................... 45


4.5 Considerations about Data Protection......................................... 46
4.5.1 Single or Multi Message Index Table ............................................... 46
4.5.2 Log of Changes in the Error Handling ............................................. 46
4.5.3 Information Contained in Interface Data ......................................... 46

5 References .....................................................................................47
6 Media List .......................................................................................49

August 2012

Master Guide SAP Application Interface Framework 2.0

7 Release Availability Information ..................................................50

August 2012

1 Getting Started
1.1 About this Document

1 Getting Started
1.1 About this Document
Purpose
This Master Guide is the central starting point for the technical implementation of the SAP
Application Interface Framework. You can find cross-scenario implementation information as
well as scenario-specific information in this guide.
Use the Master Guide to get an overview of the SAP Application Interface Framework, its
software units, and its scenarios from a technical perspective. The Master Guide is a
planning tool that helps you to design your system landscape. It refers you to the required
detailed documentation, mainly:
Installation guides for single software units
SAP Notes
Configuration documentation
SAP Library documentation
The Master Guide consists of the following main sections:
Section 1 Getting Started explains how to use this document and related information
(documentation and SAP Notes) that is crucial to the installation and upgrade.
Section 2 SAP Application Interface Framework Overview provides essential information
about the supported scenarios, the installable software units, software component matrix,
as well as how to plan your system landscape. Section 2 provides an overall
implementation sequence with related information (documentation and SAP Notes) and
provides the information about how to install the SAP Application Interface Framework by
referring to the relevant SAP Notes.
Section 3 Business Scenarios of the SAP Application Interface Framework contains
information about the supported business scenarios/processes.
Section 4 Security Considerations provides the security information that is specific to the
SAP Application Interface Framework (authorization objects and roles). This section also
provides a collection of links to SAPs various security topics.
Section 5 References provides a list of all the required SAP Notes and the documents that
are mentioned in this Master Guide.
Section 6 Media List provides information on the data carriers and the software
components contained in them.
Section 7 Release Availability Information contains information about the available
software releases, required base software and other availabilities regarding the Focused
Business Solution for the SAP Application Interface Framework.
You can find the most current information about the technical implementation
of the SAP Application Interface Framework and the latest installation and
configuration guides on SAP Service Marketplace at
http://service.sap.com/instguides.
We strongly recommend that you use the documents available here. The
guides are regularly updated.

August 2012

1 Getting Started
1.1 About this Document

Constraints
The business scenarios that are presented here serve as examples of how you can use SAP
software in your company. The business scenarios are only intended as models and do not
necessarily run the way they are described here in your customer-specific system landscape.
Ensure to check your requirements and systems to determine whether these scenarios can
be used productively at your site. Furthermore, we recommend that you test these scenarios
thoroughly in your test systems to ensure they are complete and free of errors before going
live.

August 2012

1 Getting Started
1.2 Related Information

1.2 Related Information


1.2.1 Planning Information
For more information about planning topics not covered in this guide, see the following
content on SAP Service Marketplace:
Content

Location on SAP Service Marketplace

Latest versions of installation and upgrade


guides

*In this Master Guide, see the SAP Notes listed


in the below section 1.3 Important SAP Notes.

Overview application information as well as


the collection of function- and processoriented information about the SAP
Application Interface Framework

*Application Help for SAP Application Interface


Framework 2.0 on the SAP Help Portal at
http://help.sap.com
-> SAP Business Suite -> SAP ERP Add-On ->
SAP Application Interface Framework
Or directly at http://help.sap.com/aif

SAP Business Maps - information about


applications and business scenarios

http://service.sap.com/businessmaps

Sizing, calculation of hardware requirements


- such as CPU, disk and memory resource with the Quick Sizer tool

http://service.sap.com/quicksizer

Released platforms and technology-related


topics such as maintenance strategies and
language support

http://service.sap.com/platforms

Network security

http://service.sap.com/securityguide

High Availability

http://www.sdn.sap.com/irj/sdn/ha

Performance

http://service.sap.com/performance

Information about Support Package Stacks,


latest software versions and patch level
requirements

http://service.sap.com/sp-stacks

Information about Unicode technology

http://www.sdn.sap.com/irj/sdn/i18n

To access the Platform Availability Matrix directly,


enter http://service.sap.com/pam.

1.2.2 Further Useful Links


The following table lists further useful links on SAP Service Marketplace:
Content

Location on SAP Service Marketplace

Information about creating error messages

http://service.sap.com/message

SAP Notes search

http://service.sap.com/notes

SAP Software Distribution Center (software


download and ordering of software)

http://service.sap.com/swdc

SAP Online Knowledge Products (OKPs)


role-specific Learning Maps

http://service.sap.com/rkt

August 2012

1 Getting Started
1.2 Related Information

1.2.3 Related Master Guides


In this Master Guide, the following SAP applications are frequently referred to, particularly for
explaining topics such as integration scenarios, planning of the system landscape, and so on.
You can find more information about the relevant applications in the following documents:
Title

Location

Master Guide
SAP NetWeaver 7.0

http://service.sap.com/instguidesNW70

Master Guide
SAP NetWeaver PI 7.1

http://service.sap.com/instguides

Master Guide
SAP ERP 6.0

http://service.sap.com/instguides

Master Guide
SAP Customer Relationship
Management 7.0

http://service.sap.com/instguides

-> Installation -> Master Guide


-> SAP NetWeaver -> SAP NetWeaver PI 7.1 ->
Installation -> Master Guide
-> SAP Business Suite Applications -> SAP ERP ->
SAP ERP 6.0 -> Planning
-> SAP Business Suite Applications -> SAP CRM 7.0 > Plan

1.2.4 Related Operations Information


The SAP Application Interface Framework is based on an SAP NetWeaver 7.0 system.
Therefore, the general operations information for the following areas is covered in the
operations guide of SAP NetWeaver:
Technical system landscape
Overview of technical runtime scenarios, which result from setting up the corresponding
business scenarios
Backup and recovery
High availability concept
Starting and stopping (by which means and in which sequence)
Scenario administration concept (possible dependencies between scenario components)
Concept for data archiving and management of outdated technical data
Software change management
Scenario maintenance concept
Concept for handling customer development
Support desk management
Troubleshooting
You can find more information about the corresponding operations guides for SAP
NetWeaver in the following table:
Title
Operations guides available for SAP
NetWeaver

Location
http://service.sap.com/installnw70
under SAP NetWeaver 7.0 -> Operations

SAP NetWeaver Administrators Guide


Technical Operations Manual

SAP Help Portal at


http://help.sap.com/nw70 under System
Administration -> Technical Operations Manual
For a complete list of the available SAP Operations Guides, see
http://service.sap.com/instguides.

August 2012

1 Getting Started
1.2 Related Information
The operations information that is specific to SAP Application Interface Framework is
included in the Application Help of the SAP Application Interface Framework in the
sections The SAP Application Interface Framework for Business Users and The SAP
Application Interface Framework for IT Personnel. In these sections the following topics are
covered:
Monitoring concept
Logging and tracing
Technical configuration
Periodical tasks
Concepts for monitoring, error handling, restart, and recovery of interfaces

August 2012

1 Getting Started
1.3 Important SAP Notes

1.3 Important SAP Notes


You must read the following SAP Notes before you start the installation. These SAP Notes
contain the most recent information on the installation, as well as corrections to the
installation documentation.
Make sure that you have the up-to-date version of each SAP Note, which you can find on
SAP Service Marketplace at http://service.sap.com/notes.
Installation Notes
SAP Note Number

Title

Description

1747710

AIF 701: Installation Note

See this note for the detailed


information about installing
the main component AIF 701
of SAP Application Interface
Framework 2.0.

1747711

AIFX 701: Installation Note

See this note for the detailed


information about installing
the optional component AIFX
701 of SAP Application
Interface Framework 2.0.

1530212

SAP Application Interface


Framework FAQ

See this note for frequently


asked questions about the
SAP Application Interface
Framework.

Relevant Notes of SAP NetWeaver


SAP Note Number

Title

Description

1684718

WDA: Transaction WDYID Configuration ID is lost

Only needed if you install the


optional component AIFX
701 and use Monitoring and
Error Handling (Web) from
the SAP Easy Access menu.

1241303

Dynamic documents: Multiple


registration of events

In a dynamic document, as it
is used in the Interface
Overview transaction of the
SAP Application Interface
Framework, form elements
such as pushbuttons, input
fields, selection lists, and
hyperlinks respond several
times to an event.

1726101

Tables with more then five


key elements are not
supported

This note is only needed if


you install the optional
component AIFX 701 and
use the Service
Implementation Workbench
(SIW) template.

1705786

SIW: Language conflict with


LOCAL packages

This note is only needed if


you install the optional
component AIFX 701 and

10

August 2012

1 Getting Started
1.3 Important SAP Notes
use the SIW template.
1698269

SIW: Misleading error


message

This note is only needed if


you install the optional
component AIFX 701 and
use the SIW template.

1718473

SIW: Dump after leaving


ungenerated project

This note is only needed if


you install the optional
component AIFX 701 and
use the SIW template.

August 2012

11

2 SAP Application Interface Framework Overview


1.3 Important SAP Notes

2 SAP Application Interface Framework


Overview
The SAP Application Interface Framework enables you to develop and monitor interfaces as
well as execute error handling in a single framework residing in your SAP backend system.
Possible sources of demand for SAP Application Interface Framework are:
You have a complex, heterogeneous system landscape
You want to decouple technical and business aspects of your interfaces, thus
enabling business users to perform error handling
You use different technologies to implement interfaces, so you have duplicate efforts
for implementing the same logic in multiple technologies
You have to use multiple monitoring tools for different basis technologies and would
like to use one tool to simplify the monitoring and error handling
You experience difficulties in enforcing interface implementation guidelines
You need to restrict access to interface data to fulfill your regulatory or company
compliance rules
SAP Application Interface Framework enables you to:
Implement interfaces in an easy and structured way mainly based on Customizing
Re-use interface building blocks (checks, structure mappings, value mappings,
actions, functions) inside of multiple interfaces and for different basis technologies
Do functional instead of technical monitoring
Restrict interface data and error monitor access by flexible authorization rules
Enforce interface implementation guidelines
SAP Application Interface Framework provides you with the following functions:
A powerful framework for the implementation of interfaces
A user-friendly transaction for interface monitoring and error handling
Tools for configuration and operations
The following chapters give an overview of the software components that are required within
the SAP Application Interface Framework and its business scenarios.

12

August 2012

2 SAP Application Interface Framework Overview


2.1 Software Units of the SAP Application Interface Framework

2.1 Software Units of the SAP Application


Interface Framework
The following table contains the software units that you require to set up your system
landscape:
Software Unit

Release

SAP Application Interface Framework 2.0 (component AIF)

701

SAP NetWeaver

700, SP17 or above

If you want to use the Web-based Monitoring and Error Handling transaction, the Service
Implementation Workbench (SIW) to generate AIF interfaces, or the integration with the Error
and Conflict Handler (ECH), the minimum requirements are the following:
Software Unit

Release

SAP Application Interface Framework (component AIF)

701

SAP Application Interface Framework Extension (component AIFX)

701

SAP NetWeaver

731, SP01 or above

Make sure all the relevant and available support packages (SPs) and
enhancement packages (EHPs) are also applied when any of the above
software units are installed. For the latest component version and patch level
requirements, see http://service.sap.com/sp-stacks.

August 2012

13

2 SAP Application Interface Framework Overview

2.2 Software Component Matrix


Supported Integration Scenarios
The SAP Application Interface Framework can be used on any SAP application system
based on SAP NetWeaver 7.0 SP17 (or above). This is why the Master Guide cannot cover
all possible integration scenarios. Only a limited number of common integration scenarios are
covered:
Integration scenario SAP ERP
Integration scenario SAP SRM
Integration scenario SAP ERP + SAP CRM
IDoc integration scenarios
o
o
o
o

Monitor existing IDocs in the Monitoring and Error Handling transaction


Process IDocs using AIF and call an IDoc function module in an action
Process IDocs using AIF and call a BAPI in an action
Process IDocs using ALE and write index tables with the AIF enabler

With the SAP Application Interface Framework, you can use one or multiple interface
technologies (for example, proxy messages or IDocs) for integration and monitoring. For any
integration scenario you are using, you need to make sure that the systems you want to
connect are capable of handling the chosen interface technology. You also need to make
sure to use one of the interface technologies supported by the SAP Application Interface
Framework or to implement the support for the chosen interface technology in the SAP
Application Interface Framework using a custom engine.
The table below shows the mapping of the software units to each of the integration scenarios
to build a system landscape with the SAP Application Interface Framework. You can see
which software units are mandatory and which other software units are optional to realize
each integration scenario.
Integration Scenario SAP ERP
Software Unit Installation

Obligatory or
Optional

Comments

SAP Application Interface Framework add-on based


on SAP NetWeaver 7.0

Obligatory

SAP NetWeaver 7.0 or the Enhancement Packages


for 7.0

Obligatory

SAP NetWeaver PI 7.0

Optional

SAP ERP 6.0 or the Enhancement Packages for 6.0

Obligatory

Software Unit Installation

Obligatory or
Optional

Comments

SAP Application Interface Framework add-on based


on SAP NetWeaver 7.0

Obligatory

SAP NetWeaver 7.0 or the Enhancement Packages

Obligatory

Integration Scenario SAP SRM

14

August 2012

2 SAP Application Interface Framework Overview


2.2 Software Component Matrix
for 7.0
SAP NetWeaver PI 7.0

Optional

SAP SRM 7.0

Obligatory

Software Unit Installation

Obligatory or
Optional

Comments

SAP Application Interface Framework add-on based


on SAP NetWeaver 7.0

Obligatory

SAP NetWeaver 7.0 or the Enhancement Packages


for 7.0

Obligatory

SAP NetWeaver PI 7.0

Optional

SAP ERP 6.0 or the Enhancement Packages for 6.0

Obligatory

SAP CRM 7.0

Obligatory

Integration Scenario SAP ERP + SAP CRM

IDoc Integration Scenarios


There are multiple interface integration scenarios which can be built using IDoc technology.
Depending on the integration scenario used, different features of the SAP Application
Interface Framework are available. It is possible to use multiples of these integration
scenarios for different interfaces.
The following four different scenarios, in which you can process and monitor IDocs, are
available:
IDoc Scenario 1: Monitoring of existing IDocs in Monitoring and Error Handling
IDoc Scenario 2: Processing IDocs using AIF and calling an IDoc function module in
an action
IDoc Scenario 3: Processing IDocs using AIF and calling a BAPI in an action
IDoc Scenario 4: Processing IDocs using ALE and writing index tables with the AIF
enabler
More detailed descriptions about these scenarios, as well as the corresponding features of
the SAP Application Interface Framework 2.0, can be found in the Application Help
(http://help.sap.com/aif, Technology Support -> IDoc Support -> IDoc Scenarios).
Based on your integration scenario, you can implement various business processes. The
SAP Application Interface Framework does not provide standard business processes.
Instead, you have to implement your own business processes and corresponding interfaces
using the SAP Application Interface Framework.
This Master Guide provides just one way to implement each business
scenario. For other ways to implement business scenarios, see the Scenario
& Process Component List in SAP Service Marketplace at
http://service.sap.com/scl. The Scenario & Process Component List
helps you to find realization alternatives for SAP solutions, business
scenarios, and processes. It shows you which application components are
needed to realize a business scenario or process.

August 2012

15

2 SAP Application Interface Framework Overview


2.3 System Landscape

2.3 System Landscape


The SAP Application Interface Framework offers various system landscape options
depending on the customers business requirements and possible system deployments. In
the following section, exemplary system deployments are presented with the characteristics
and restrictions of each case.
General
The integration scenarios involve at least 2 systems, that is, a legacy system and an SAP
backend system that contains the SAP Application Interface Framework. The integration
scenarios can optionally involve an SAP NetWeaver PI. The legacy system can be any
system that is able to exchange information with directly with the SAP backend system or
with the SAP NetWeaver PI system. Every SAP application system based on SAP
NetWeaver 7.0 SP17 (and above) is supported as the SAP backend system.
For any integration scenario you are using, you need to make sure that the systems you want
to connect are capable of handling the chosen interface technology.
SAP Backend
System

Legacy System

SAP NetWeaver PI

SAP Application
Interface
Framework
AddOn

In your business processes, the legacy system can act as sender or receiver of information.
As a sender, the legacy system is the data source and sends data directly to the SAP
backend system or to the SAP NetWeaver PI system.
If you choose to use direct integration between the legacy system and the SAP backend
system, data is sent directly from the legacy system to the SAP backend system.
If you choose to use SAP NetWeaver PI for integration, SAP NetWeaver PI can act as the
information broker, provide security features, and offer many other technical integration
capabilities. Here, the technical mapping of the data structures or technical format
conversions (for example, using existing adapters) can be executed. If the communication
channel in your SAP NetWeaver PI is correctly configured, the message is sent to your SAP
backend system. The SAP Application Interface Framework resides within the SAP backend
system and provides different additional features depending on the chosen integration
scenario.
If data is sent through the SAP NetWeaver PI system, you have the option to use different
interface technologies for communication between the legacy system and SAP NetWeaver PI
and between SAP NetWeaver PI and the SAP backend system. In this case, a technical
format conversion needs to be done in SAP NetWeaver PI to translate from one interface
technology to the other.
In both scenarios, the SAP Application Interface Framework in the SAP backend system
provides the monitoring and error handling functionality.
Note that the interface setting, mapping, interface variants, and error handling
settings in the SAP Application Interface Framework are client-dependent.
You have to make sure that message processing and error handling is
executed in the correct client.

16

August 2012

2 SAP Application Interface Framework Overview


2.3 System Landscape
As a receiver, the legacy system is the consumer of information sent by the SAP backend
system using the SAP Application Interface Framework. When triggered manually or by an
application, the SAP Application Interface Framework executes the mapping from the internal
to the external structure and sends the information in the external format directly to the legacy
system or to SAP NetWeaver PI.
If you choose to use direct integration between the SAP backend system and the legacy
system, data is sent directly from the SAP backend system to the legacy system.
If you choose to use SAP NetWeaver PI for integration, SAP NetWeaver PI can act as the
information broker, provide security features, and offer many other technical integration
capabilities. Here, the technical mapping of the data structures or technical format
conversions (for example, using existing adapters) can be executed. If the communication
channel in your SAP NetWeaver PI is correctly configured, the message is sent to the legacy
system.
If data is sent through the SAP NetWeaver PI system, you have the option to use different
interface technologies for communication between the SAP backend system and SAP
NetWeaver PI and between SAP NetWeaver PI and the legacy system. In this case, a
technical format conversion needs to be done in SAP NetWeaver PI to translate from one
interface technology to the other.
Example 1: SAP Application Interface Framework installed on SAP ERP
In this example, an SAP ERP system acts as the SAP backend system as described in the
general scenario above.
Legacy System

SAP ERP

SAP NetWeaver PI

SAP Application
Interface
Framework
AddOn

Example 2: SAP Application Interface Framework installed on SAP SRM


In this example, an SAP SRM system acts as the SAP backend system as described in the
general scenario above.

Legacy System

SAP SRM

SAP NetWeaver PI

SAP Application
Interface
Framework
AddOn

Example 3: SAP Application Interface Framework installed on SAP ERP and SAP CRM

August 2012

17

2 SAP Application Interface Framework Overview


2.3 System Landscape
In this example, there is more than one SAP backend system. Every SAP backend system
requires its own installation of the SAP Application Interface Framework.

Legacy System

SAP ERP

SAP Application
Interface
Framework
AddOn

SAP CRM

SAP NetWeaver PI

SAP Application
Interface
Framework
AddOn

We strongly recommend that you use a minimal system landscape for test
and demo purposes only. For performance, scalability, high availability, and
security reasons, do not use a minimal system landscape as your production
landscape.

18

August 2012

2 SAP Application Interface Framework Overview


2.4 Overall Implementation Sequence

2.4 Overall Implementation Sequence


Purpose
The following table describes the overall installation sequence the SAP Application Interface
Framework. This table contains all available software units.
For the latest component version and patch level requirements, see the Support Package
Stack Guide on the SAP Service Marketplace at http://service.sap.com/.
For documentation listed in the following table, see References.

Process
Implementation Sequence
Step

Action
[Required Documentation]

Perform the installation of component AIF


701.
[SAP Note: 1747710]

Perform the (optional) installation of


component AIFX 701.
[SAP Note: 1747711]

Transport the delivered default Customizing


into target clients.

The delivered Customizing will


be imported only into client 000;
from there you can copy it into
your target clients.

Generate number ranges with report


/AIF/GENERATE_NUMBER_RANGES

Number ranges are not delivered


automatically; the mentioned
report does not overwrite
existing number ranges.

Read the FAQ for the SAP Application


Interface Framework.
[SAP Note: 1530212]

See this note for frequently


asked questions about the steps
that are necessary after the
installation of the SAP
Application Interface Framework.

Customize settings for the SAP Application


Interface Framework.
[Application Help for the SAP Application
Interface Framework 701,
in SAP Help Portal at
http://help.sap.com/
-> SAP Business Suite -> SAP ERP Add-Ons
-> SAP Application Interface Framework]
Or directly at http://help.sap.com/aif

August 2012

Remarks/Subsequent Steps

19

3 Business Scenarios of the SAP Application Interface Framework

3 Business Scenarios of the SAP


Application Interface Framework
The SAP Application Interface Framework tool does not provide its own business scenarios.
When you develop interfaces with this tool, you can maintain the business process
information in the SAP Solution Manager. For more information on how to maintain business
process information, view the documentation about Business Blueprints in the help of the
SAP Solution Manager in the SAP Help Portal at http://help.sap.com/ -> Application
Lifecycle Management ->SAP Solution Manager -> SAP Solution Manager 7.0.

20

August 2012

4 Security Considerations

4 Security Considerations
This section provides an overview of the security considerations that are specific to the SAP
Application Interface Framework.

The SAP Application Interface Framework is built on a SAP NetWeaver 700 system.
Therefore, the corresponding security settings also apply to the SAP Application Interface
Framework.

4.1 Fundamental Security Guides


For a complete list of the available SAP security guides, see SAP Security Guides on SAP
Service Marketplace at http://service.sap.com/securityguide. The current version
of the SAP NetWeaver security guide, which deals with general security issues, is also
available via this quick link.

Additional Information
For more information about specific security topics, see the following locations on SAP Service
Marketplace as shown in the table below:

Content

Location

Security
Security Guides
Released Platforms
Network Security
Infrastructure Security
SAP Solution Manager

http://service.sap.com/security
http://service.sap.com/securityguide
http://service.sap.com/platforms
http://service.sap.com/securityguide
http://service.sap.com/securityguide
http://service.sap.com/solutionmanager

August 2012

21

4 Security Considerations

4.2 Authorization Objects


The SAP Application Interface Framework allows you to specify various authorization
settings. In the following sections, each authorization object is explained with its description
and technical attributes.

4.2.1 Authorization Object for Interface


Processing /AIF/PROC
Definition
The authorization object /AIF/PROC is used by the system to check the users authorization
for processing a data message of a given interface in the SAP Application Interface
Framework.

Authorization Fields
Field Name

Heading

Authorization Object Setting

ACTVT

Activity

You can enter the following activities:


Import (60)
Export (61)
Resubmit (A4)

/AIF/NS

Namespace

This field refers to a namespace in the SAP


Application Interface Framework

/AIF/IF

Interface Name

This field refers to an interface name in the


SAP Application Interface Framework

/AIF/IFVER

Interface Version

This field refers to an interface version in the


SAP Application Interface Framework

/AIF/VNS

Variant Namespace

This field refers to a variant namespace name


in the SAP Application Interface Framework

/AIF/VNAME

Name of Interface
Variant

This field refers to a variant name in the SAP


Application Interface Framework

Usage
Messages are processed by a specific user. This user requires the authorization to (re-)
process data messages in the SAP Application Interface Framework.
The user PIAPPL is assigned the authorization to process data messages for
all namespaces, interface names, interface versions, and if applicable, variant
namespace and name.

22

August 2012

4 Security Considerations

4.2.2 Authorization Object for Customizing


Steps /AIF/CUST
Definition
The authorization object /AIF/CUST is used by the system to check the users authorization
for a Customizing activity in the SAP Application Interface Framework.

Authorization Fields
Field Name

Heading

Authorization Object Setting

ACTVT

Activity

You can enter the following activities:


Change (02)
Display (03)

/AIF/NS

Namespace

This field refers to a namespace in the SAP


Application Interface Framework

/AIF/MC

Customizing view

For available values, see table below

Usage
The field /AIF/NS can contain any namespace name. By specifying the namespace field, you
can limit the users authorization for Customizing activities to the specified namespaces.
An interface developer is authorized to create, edit, and delete interfaces in
namespace X but not Y.
For the field name /AIF/MC, the following values are allowed:
Value

Description

/AIF/NS

Define Namespaces

/AIF/ACTIONS

Define Actions

/AIF/CHECKS

Define Checks

/AIF/RECTYPES

Define Record Types

/AIF/FIXVALUES

Define Fix Values

/AIF/VALMAPS

Define Value Mappings

/AIF/V_FINF

Define Interfaces

/AIF/SMAP

Define Structure Mapping

/AIF/IFDET

Interface Determination

/AIF/SYSNAMES

Define Business Systems

/AIF/ERROR_HDL

Error Handling -> Define Applications

/AIF/ERROR_GLB

Error Handling -> Global Features

/AIF/ERROR_NS

Error Handling -> Define Namespace-Dependent Features

/AIF/ERROR_IF

Error Handling -> Define Interface-Dependent Features

/AIF/ALERT

Error Handling -> Define Recipients

/AIF/V_VARIANT

Interface Variants -> Define Interface Variants

August 2012

23

4 Security Considerations

/AIF/V_IFKEY

Interface Variants -> Define Interface Key Fields

/AIF/V_VA_ASSIGN

Interface Variants -> Define Assigning Tables

/AIF/VARIANT_MAPPINGS

Interface Variants -> Define Variant Mappings

4.2.3 Authorization Objects for Error Handling


/AIF/ERR
Definition
The authorization object /AIF/ERR is used by the system to check the users authorization for
error handling in the SAP Application Interface Framework.

Authorization Fields
Field Name

Heading

Authorization Object Setting

ACTVT

Activity

You can enter the following activities:


Execute (16) (means selecting from index tables)
Archive (24) (means starting the archiving report
using SARA)
Reload (25) (means restoring archived data using
SARA)
Read (33)
Write (34)
Display archive (56)
Administer (70) (means qRFC monitoring)
Analyze (71) (means displaying application log
messages)
Remove (75) (means canceling a message)
Resubmit (A4) (means restarting a message)
General overview (GL) (means XML monitoring)

/AIF/NS

Namespace

This field refers to a namespace in the SAP


Application Interface Framework

/AIF/IF

Interface Name

This field refers to an interface name in the SAP


Application Interface Framework

/AIF/IFVER

Interface Version

This field refers to an interface version in the SAP


Application Interface Framework

Usage
Using the activity field, you specify the actions that a user can execute in the system. You
might want to specify a user who only has read access to the transaction. You can further
limit the authorization by namespace, interface name, and interface version. As a result, the
user can execute the specified activities only for the defined namespace / interface name /
interface version combination.

24

August 2012

4 Security Considerations

4.2.4 Authorization Object for Technical Error


Handling /AIF/TECH
Definition
The authorization object /AIF/TECH is used by the system to check the users authorization
for the technical mode of error handling in the SAP Application Interface Framework.

Authorization Fields
Field Name

Heading

Authorization Object Setting

ACTVT

Activity

You can enter the following activity:


Activate (63)

Usage
This authorization object does not have any parameters or activities. If a user does not have
the authorization, the Technical Mode checkbox in the selection screen and the Technical
Mode pushbutton in the main screen of the Monitoring and Error Handling transaction are
hidden.

4.2.5 Authorization Object for Emergency


Corrections /AIF/EMC
Definition
The authorization object /AIF/EMC is used by the system to check the users authorization for
emergency corrections in the error handling of the SAP Application Interface Framework.

Authorization Fields
Field Name

Heading

Authorization Object Setting

ACTVT

Activity

You can enter the following activities:


Execute (16)
Read (33)
Write (34)
Administer (70)
Analyze (71)
Remove (75)
Resubmit (A4)
General overview (GL)

/AIF/NS

Namespace

This field refers to a namespace in the SAP


Application Interface Framework

Usage
Using the activity field, you specify the actions the user can execute in emergency correction
mode in the Monitoring and Error Handling transaction. You can further limit the authority to
execute the actions in emergency correction mode based on the interface namespace.
When executing the Monitoring and Error Handling transaction, the user first has to enter a
namespace and press the ENTER key. The system then checks the authorization for
emergency corrections and displays the Emergency Correction Mode checkbox, if applicable.

August 2012

25

4 Security Considerations

4.2.4 Authorization Objects for Custom


Functions /AIF/CFUNC
Definition
The authorization object /AIF/CFUNC is used by the system to check the users authorization
for custom functions for error handling in the SAP Application Interface Framework.

Authorization Fields
Field Name

Heading

Authorization Object Setting

ACTVT

Activity

You can enter the following activities:


Create or generate (01)
Change (02)
Display (03)
Delete (06)
Execute (16) (means executing in the Monitoring and
Error Handling transaction)

/AIF/NS

Namespace

This field refers to a namespace in the SAP


Application Interface Framework

/AIF/IF

Interface Name

This field refers to an interface name in the SAP


Application Interface Framework

/AIF/IFVER

Interface Version

This field refers to an interface version in the SAP


Application Interface Framework

/AIF/NSREC

Namespace of
Recipient

Not used at the moment; enter *

/AIF/VISI

Visibility

Not used at the moment; enter *

/AIF/OTHUS

Authorization for
other users

Not used at the moment; enter *

Usage
Using the activity field, you specify the actions the user can execute in Custom Functions in
the Monitoring and Error Handling transaction and the corresponding maintenance views for
custom functions.

4.2.4 Authorization Objects for Custom Hints


/AIF/HINTS
Definition
The authorization object /AIF/HINTS is used by the system to check the users authorization
for custom hints for error handling in the SAP Application Interface Framework.

Authorization Fields
Field Name

Heading

Authorization Object Setting

ACTVT

Activity

You can enter the following activities:

26

August 2012

4 Security Considerations

Create or generate (01)


Change (02)
Display (03)
Delete (06)
/AIF/NS

Namespace

This field refers to a namespace in the SAP


Application Interface Framework

/AIF/IF

Interface Name

This field refers to an interface name in the SAP


Application Interface Framework

/AIF/IFVER

Interface Version

This field refers to an interface version in the SAP


Application Interface Framework

/AIF/NSREC

Namespace of
Recipient

Not used at the moment; enter *

/AIF/VISI

Visibility

Not used at the moment; enter *

/AIF/OTHUS

Authorization for
other users

Not used at the moment; enter *

Usage
Using the activity field, you specify the actions the user can execute in Custom Hints in the
Monitoring and Error Handling transaction and the corresponding maintenance views of the
custom hints.

4.2.4 Authorization Object for Interface


Determination /AIF/IFDET
Definition
The authorization object /AIF/IFDET is used by the system to check the users authorization
for maintaining interface determination in the SAP Application Interface Framework.

Authorization Fields
Field Name

Heading

Authorization Object Setting

/AIF/IDTY

Application
Engine Identifier

Type of application engine:


000: Proxy
001: IDoc
002: XML
003: Test File
004: ECH

/AIF/NS

Namespace

Namespace of a customer-specific engine

/AIF/IDCTY

Identifier for a
CustomerSpecific AIF
Interface Type

Identifier of a customer-specific engine

/AIF/IDN1

Name 1 of
Interface Type

First key field of an engine

August 2012

27

4 Security Considerations

/AIF/IDN2

Name 2 of
Interface Type

Second key field of an engine

ACTVT

Activity

You can enter the following activity:


Create or generate (01)
Change (02)
Display (03)
Delete (06)

Usage
Using the activity field, you specify the actions the user can execute in the corresponding
maintenance views of interface determination.

4.2.6 Authorization Object for Value Mapping


Maintenance /AIF/VMAP
Definition
The authorization object /AIF/VMAP is used by the system to check the users authorization
to display and / or update value mappings in the value mapping transaction of the SAP
Application Interface Framework.

Authorization Fields
Field Name

Heading

Authorization Object Setting

ACTVT

Activity

You can enter the following activities:


Change (02)
Display (03)

/AIF/NS

Namespace

This field refers to a namespace in the SAP


Application Interface Framework

/AIF/VMAP

Value Mapping

This field refers to a value mapping name in


the SAP Application Interface Framework

/AIF/BSKEY

Key Name of Business


System

This field refers to a business system name

Usage
The authorization object protects the display/update of value mappings.
The authorization will be checked only in the value mapping transaction
/AIF/VMAP (and derived transaction variants), not in the Customizing activity
Define Value Mappings.

28

August 2012

4 Security Considerations

4.3 Template Roles


The SAP Application Interface Framework provides predefined template roles that you can
change or copy in order to define roles for your specific requirements.

4.3.1 Single Roles


The single roles delivered with the SAP Application Interface Framework provide suggestions
for the combination of different authorization objects and values in a role to fulfill a specific
task.

4.3.1.1 /AIF/CORRECT_DATA
You assign the role /AIF/CORRECT_DATA to users who are responsible for data consistency
in the SAP Application Interface Framework. The user has the authority to examine interface
data, correct inconsistencies, and execute the Monitoring and Error Handling transaction.
You could also assign this role to a batch user that is used to execute the Data Correction
Report on a regular basis as a background job.
The template role contains the following authorization data:
Authorization
Field
Values
Object
S_TCODE

TCD (Transaction Code)

/AIF/CORRECTIONS, /AIF/IDXTBL

/AIF/ERR

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

16 (Execute)

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

4.3.1.2 /AIF/CUST_CHANGE
You assign the role /AIF/CUST_CHANGE to users who have the responsibility to maintain
Customizing for the SAP Application Interface Framework. This involves changing interface
data, error handling settings, as well as interface variants. The user does not have the
authorization to process message data or change values in the Monitoring and Error
Handling transaction.
The template role contains the following authorization data:
Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/CUST, /AIF/CUST_OVERVIEW,
/AIF/CUST_SMAP_COPY,
/AIF/DEL_STRUC_CACHE,
/AIF/IF_TRACE, /AIF/RECIPIENTS

/AIF/CUST

/AIF/NS (Namespace)

(no value predefined)

/AIF/MC (Customizing
view)

/AIF/ACTIONS, /AIF/ALERT,
/AIF/CHECKS, /AIF/ERROR_GLB,
/AIF/ERROR_HDL, /AIF/ERROR_IF,
/AIF/ERROR_NS, /AIF/FIXVALUES,

August 2012

29

4 Security Considerations

/AIF/IFDET, /AIF/NS, /AIF/RECTYPES,


/AIF/SMAP, /AIF/T_TRACE_LV,
/AIF/VALMAPS,
/AIF/VARIANT_MAPPINGS,
/AIF/V_FINF, /AIF/V_FINF_TL,
/AIF/V_IFKEY, /AIF/V_SYSNAMES,
/AIF/V_VARIANT, /AIF/V_VA_ASSIGN

/AIF/ERR

S_TABU_DIS

ACTVT (Activity)

02 (Change), 03 (Display)

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

16 (Execute), 33 (Read)

ACTVT (Activity)

02 (Change), 03 (Display)

DICBERCLS
(Authorization Group)

AIF

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

4.3.1.3 /AIF/CUST_DISPLAY
You assign the role /AIF/CUST_DISPLAY to users who require display authorization for
Customizing for the SAP Application Interface Framework. This involves read access to
interface data, error handling settings, as well as interface variants. The role is designed for
business users with a technical background, who need to understand the steps in the
mapping, or interface developers after the development of a specific interface is finished.
Note that you can also limit the Customizing views that the user can display,
for example, only value mappings in a specific namespace.
The template role contains the following authorization data:
Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/CUST, /AIF/CUST_OVERVIEW,
/AIF/IF_TRACE, /AIF/RECIPIENTS

/AIF/CUST

/AIF/NS (Namespace)

(no value predefined)

/AIF/MC (Customizing
view)

/AIF/ACTIONS, /AIF/ALERT, /AIF/CHECKS,


/AIF/ERROR_GLB, /AIF/ERROR_HDL,
/AIF/ERROR_IF, /AIF/ERROR_NS,
/AIF/FIXVALUES, /AIF/IFDET, /AIF/NS,
/AIF/RECTYPES, /AIF/SMAP,
/AIF/T_TRACE_LV, /AIF/VALMAPS,
/AIF/VARIANT_MAPPINGS, /AIF/V_FINF,
/AIF/V_FINF_TL, /AIF/V_IFKEY,
/AIF/V_SYSNAMES, /AIF/V_VARIANT,
/AIF/V_VA_ASSIGN

ACTVT (Activity)

03 (Display)

30

August 2012

4 Security Considerations

/AIF/ERR

S_TABU_DIS

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

16 (Execute), 33 (Read)

ACTVT (Activity)

03 (Display)

DICBERCLS (Authorization
Group)

AIF

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

4.3.1.4 /AIF/DATA_CHANGE_LOG
You assign the role /AIF/DATA_CHANGE_LOG to users who have the responsibility to check
the changes made to the messages contents in the Monitoring and Error Handling
transaction by a business user. This user has the authorization to execute the Monitoring and
Error Handling transaction, as well as execute the Error Handling Changes Log to analyze
the changes.
Note that a user with this role might have access to personal information, for
example, which user changed a specific part of a data message at a certain
time.
The template role contains the following authorization data:
Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/EDCHANGES

/AIF/ERR

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

16 (Execute)

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

4.3.1.5 /AIF/ERRHDL_CHANGE
You assign the role /AIF/ERRHDL_CHANGE to users who have the responsibility to carry out
error handling, make changes to predefined fields of data messages, and/or resubmit or
cancel data messages. Users with this role can also view the Monitoring and Error Handling
transaction in the technical mode, which allows them, for example, to transform the message
for test reasons. Note that this role does not include the authorization to display or maintain
value mappings. It is recommended to assign this role on the basis of specific namespaces /
interface names / interface versions to make sure that the user has the knowledge and
authority to change the corresponding data messages.
The template role contains the following authorization data:

August 2012

31

4 Security Considerations

Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/ERR, /AIF/ERR_BASE,
/AIF/IFMON

/AIF/ERR

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

16 (Execute), 33 (Read), 34 (Write), 70


(Administer), 71 (Analyze), 75
(Remove), A4 (Resubmit), GL (General
overview)

ACTVT (Activity)

63 (Activate)

/AIF/TECH

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

4.3.1.6 /AIF/ERRHDL_CHANGE_EMC
You assign the role /AIF/ERRHDL_CHANGE_EMC to users who have the responsibility to
carry out emergency corrections in the error handling, that is, make changes to any field in
the data messages and/or resubmit or cancel them.
When executing the Monitoring and Error Handling transaction, the user with this role will first
have to enter a namespace and press the ENTER key. The system will then check the
authorization for emergency corrections and display the Emergency Correction Mode
checkbox, if applicable. This role will also allow the user to use the technical mode in the
Monitoring and Error Handling transaction.
Note that this role allows making changes in message fields that are not
explicitly released for changes. It is recommended not to assign this role to
normal business users but only to users who are properly trained and trusted
to carry out emergency corrections for an interface.
The template role contains the following authorization data:
Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/ERR, /AIF/ERR_BASE,
/AIF/IFMON

/AIF/EMC

/AIF/NS (Namespace)

(no value predefined)

ACTVT

16 (Execute), 33 (Read), 34 (Write), 70


(Administer), 71 (Analyze), 75
(Remove), A4 (Resubmit), GL (General
overview)

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

/AIF/ERR

32

August 2012

4 Security Considerations

/AIF/TECH

ACTVT (Activity)

16 (Execute), 33 (Read), 34 (Write), 70


(Administer), 71 (Analyze), 75
(Remove), A4 (Resubmit), GL (General
overview)

ACTVT (Activity)

63 (Activate)

Note that the values for namespace, value mapping, and key name of
business system are not predetermined. In order to use the role, you have to
fill these fields with your custom names.

4.3.1.7 /AIF/ERRHDL_DISPLAY
You assign the role /AIF/ERRHDL_CHANGE to users who have the responsibility to analyze
message data for error handling but are not authorized to change message data or reprocess
/ cancel the messages. Users with this role can also view the Monitoring and Error Handling
transaction in the technical mode, which allows them to transform the message for test
reasons.
The template role contains the following authorization data:
Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/ERR, /AIF/ERR_BASE,
/AIF/IFMON

/AIF/ERR

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

16 (Execute), 33 (Read), GL (General


overview)

ACTVT (Activity)

63 (Activate)

/AIF/TECH

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

4.3.1.8 /AIF/ERRHDL_DISPLAY_EMC
You assign the role /AIF/ERRHDL_DISPLAY_EMC to users who have the responsibility of
analyzing message data for error handling in emergency correction mode but are not
authorized to change message data or reprocess / cancel the messages. Users with this role
can also view the Monitoring and Error Handling transaction in the technical mode, which
allows them to transform the message for test reasons.
Note that users with this role have the authorization to view and select the
emergency correction checkbox but not to carry out emergency corrections,
since they only have read access to the data.
The template role contains the following authorization data:
Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/ERR, /AIF/ERR_BASE,

August 2012

33

4 Security Considerations

/AIF/IFMON
/AIF/EMC

/AIF/ERR

/AIF/TECH

/AIF/NS (Namespace)

(no value predefined)

ACTVT

16 (Execute), 33 (Read), GL (General


overview)

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

16 (Execute), 33 (Read), GL (General


overview)

ACTVT (Activity)

63 (Activate)

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

4.3.1.9 /AIF/LOG_DISPLAY
You assign the role /AIF/LOG_DISPLAY to users who have the responsibility to check the
messages in the application log raised by the SAP Application Interface Framework but do
not necessarily have to execute the error handling transaction.
Note that users with this authorization can access the log messages from
data messages of any interface.
The template role contains the following authorization data:
Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/LOG

4.3.1.10 /AIF/MESSAGE_NOTIFICATION
You assign the role /AIF/MESSAGE_NOTIFICATION to users who should be able to run the
Message Overview Notification report.
The template role contains the following authorization data:
Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/MSGNOTI

4.3.1.11 /AIF/MSG_STAT_SNAP_SHOT
You assign the role /AIF/MSG_STAT_SNAP_SHOT to users who have the responsibility to
create or display snapshots of statistics and summary data for messages in the SAP
Application Interface Framework.
Note that users with this authorization can access the statistics data for all
available interfaces and can find out how the recipient assignment is
configured in the system.
The template role contains the following authorization data:

34

August 2012

4 Security Considerations

Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/DISPMSGSNAP,
/AIF/GENMSGSNAP

4.3.1.12 /AIF/PERFORMANCE_ANALYSIS
You assign the role /AIF/PERFORMANCE_ANALYSIS to users who have the responsibility
to monitor or analyze the performance of the operations executed by the SAP Application
Interface Framework. The role allows access to the Performance Analysis Help transaction.
This role is recommended for interface developers during implementation of the interface and
system administrators responsible for monitoring system performance.
The template role contains the following authorization data:
Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/PERFORMANCE

/AIF/ERR

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

16 (Execute), 71 (Analyze)

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

4.3.1.13 /AIF/PROCESS_INB
You assign the role /AIF/PROCESS_INB to the users who are required to process inbound
interface data. This could either be a batch user responsible for message processing or a
dialog user under whose name the message is processed.
The template role contains the following authorization data:
Authorization
Object

Field

Values

/AIF/PROC

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

/AIF/VNS (Variant
Namespace)

(no value predefined)

/AIF/VNAME (Name of
interface variant)

(no value predefined)

ACTVT (Activity)

60 (Import)

Note that the values for namespace, interface name, interface version, variant
namespace, and interface variant name are not predetermined. In order to
use the role, you have to fill these fields with your custom names.

August 2012

35

4 Security Considerations

4.3.1.14 /AIF/PROCESS_OUTB
You assign the role /AIF/PROCESS_OUTB to the users who are required to process
outbound interface data. This could either be a batch user responsible for message
processing or a dialog user under whose name the message is processed.
The template role contains the following authorization data:
Authorization
Object

Field

Values

/AIF/PROC

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

/AIF/VNS (Variant
Namespace)

(no value predefined)

/AIF/VNAME (Name of
interface variant)

(no value predefined)

ACTVT (Activity)

61 (Export)

Note that the values for namespace, interface name, interface version, variant
namespace, and interface variant name are not predetermined. In order to
use the role, you have to fill these fields with your custom names.

4.3.1.15 /AIF/PROCESS_RES
You assign the role /AIF/PROCESS_RES to the users who are responsible for restarting
messages as part of the error handling. Note that the SAP Application Interface Framework
does not differentiate between restarting unchanged data messages and restarting data
messages that have been changed as part of the error handling.
The template role contains the following authorization data:
Authorization
Object

Field

Values

/AIF/PROC

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

/AIF/VNS (Variant
Namespace)

(no value predefined)

/AIF/VNAME (Name of
interface variant)

(no value predefined)

ACTVT (Activity)

A4 (Resubmit)

Note that the values for namespace, interface name, interface version, variant
namespace, and interface variant name are not predetermined. In order to
use the role, you have to fill these fields with your custom names.

4.3.1.16 /AIF/SWITCH_FRAMEWORK

36

August 2012

4 Security Considerations

You assign the role /AIF/SWITCH_FRAMEWORK to users who should be able to access the
SAP Application Interface Framework internal switch framework.
The template role contains the following authorization data:
Authorization
Object

Field

Values

S_TCODE

TCD (Transaction Code)

/AIF/MYTRANSPORTS,
/AIF/NEWDEVIDS, /AIF/NEWDEVPRO,
/AIF/TOPICDEF, /AIF/TOPICSTATUS,
/AIF/TOPICSTATUSH,
/AIF/TOPICSTATUSHALL,
/AIF/TOPICSTATUSINIT,
/AIF/USERATTR, /AIF/USERMGR,
/AIF/USERMGR2

4.3.1.17 /AIF/TEST_TOOL
You assign the role /AIF/TEST_TOOL to users who should be able to run the Interface Test
Tool. Since this report allows processing of self-defined data for any interface, it is
recommended not to use or to strictly limit access to this role in a productive system. This
role is suggested for interface developers who need to test their interfaces.
The template role contains the following authorization data:
Authorization
Object

Field

Values

/AIF/T_CODE

TCD (Transaction Code)

/AIF/IFTEST

/AIF/PROC

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

/AIF/VNS (Variant
Namespace)

(no value predefined)

/AIF/VNAME (Name of
interface variant)

(no value predefined)

ACTVT (Activity)

61 (Export)

Note that the values for namespace, interface name, interface version, variant
namespace, and interface variant name are not predetermined. In order to
use the role, you have to fill these fields with your custom names.

4.3.1.18 /AIF/VMAP_CHANGE
You assign the role /AIF/VMAP_CHANGE to users who are responsible for maintaining value
mappings in a specific namespace and/or for a specific business system.
The template role contains the following authorization data:
Authorization
Object

Field

Values

/AIF/T_CODE

TCD (Transaction Code)

/AIF/VMAP, /AIF/VMAP_BASE

/AIF/VMAP

/AIF/NS (Namespace)

(no value predefined)

/AIF/VMAP (Value

(no value predefined)

August 2012

37

4 Security Considerations

Mapping)
/AIF/BSKEY (Key Name of
Business System)

(no value predefined)

ACTVT (Activity)

02 (Change), 03 (Display)

Note that the values for namespace, value mapping, and key name of
business system are not predetermined. In order to use the role, you have to
fill these fields with your custom names.

4.3.1.19 /AIF/VMAP_DISPLAY
You assign the role /AIF/VMAP_CHANGE to users who should be able to analyze, but not
change, value mappings in a specific namespace and/or for a specific business system.
The template role contains the following authorization data:
Authorization
Object

Field

Values

/AIF/T_CODE

TCD (Transaction Code)

/AIF/VMAP, /AIF/VMAP_BASE

/AIF/VMAP

/AIF/NS (Namespace)

(no value predefined)

/AIF/VMAP (Value
Mapping)

(no value predefined)

/AIF/BSKEY (Key Name of


Business System)

(no value predefined)

ACTVT (Activity)

03 (Display)

Note that the values for namespace, value mapping, and key name of
business system are not predetermined. In order to use the role, you have to
fill these fields with your custom names.

4.3.1.19 /AIF/ARC_CREATE
You assign the role /AIF/ARC_CREATE to users who should be able to create archives of the
XML persistence in a specific namespace or interface.
The template role contains the following authorization data:
Authorization
Object

Field

Values

/AIF/T_CODE

TCD (Transaction Code)

SARA

/AIF/ERR

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

56 (Display Archive)

S_ADMI_FCD

S_ADMI_FCD

(no value predefined)

S_ARCHIVE

ACTVT

01, 02, 03

38

August 2012

4 Security Considerations

S_BTCH_JOB

S_BTCH_NAM

APPLIC

$APPLIC

ARCH_OBJ

/AIF/PERSX

JOBACTION

JOBGROUP

BTCUNAME

(no value predefined)

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

4.3.1.19 /AIF/ARC_DISPLAY
You assign the role /AIF/ARC_DISPLAY to users who should be able to display archives of
the XML persistence in a specific namespace or interface.
The template role contains the following authorization data:
Authorization
Object

Field

Values

/AIF/T_CODE

TCD (Transaction Code)

SARA

/AIF/ERR

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

56 (Display Archive)

S_ADMI_FCD

S_ADMI_FCD

(no value predefined)

S_ARCHIVE

ACTVT

03

APPLIC

$APPLIC

ARCH_OBJ

/AIF/PERSX

JOBACTION

(no value predefined)

JOBGROUP

(no value predefined)

BTCUNAME

(no value predefined)

S_BTCH_JOB

S_BTCH_NAM

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

4.3.1.19 /AIF/ARC_RELOAD
You assign the role /AIF/ARC_RELOAD to users who should be able to reload data from
archives of the XML persistence in a specific namespace or interface.
The template role contains the following authorization data:

August 2012

39

4 Security Considerations

Authorization
Object

Field

Values

/AIF/T_CODE

TCD (Transaction Code)

SARA

/AIF/ERR

/AIF/NS (Namespace)

(no value predefined)

/AIF/IF (Interface Name)

(no value predefined)

/AIF/IFVER (Interface
Version)

(no value predefined)

ACTVT (Activity)

25 (Reload)

S_ADMI_FCD

S_ADMI_FCD

(no value predefined)

S_ARCHIVE

ACTVT

01, 02, 03

APPLIC

$APPLIC

ARCH_OBJ

/AIF/PERSX

JOBACTION

(no value predefined)

JOBGROUP

(no value predefined)

BTCUNAME

(no value predefined)

S_BTCH_JOB

S_BTCH_NAM

Note that the values for namespace, interface name, and interface version are
not predetermined. In order to use the role, you have to fill these fields with
your custom names.

40

August 2012

4 Security Considerations

4.3.2 Composite Roles


4.3.2.1 /AIF/ADMINISTRATOR
Purpose
You assign the role /AIF/ADMINISTRATOR to users who are responsible for system
administration. The role involves all authorizations required to analyze system operations. It
includes read access to the Customizing (though you might want to exchange
/AIF/CUST_DISPLAY with /AIF/CUST_CHANGE if the administrator is responsible for error
handling application setup), as well as read access to the error handling application, value
mappings, error handling change data, and application log messages. Additionally, the role
allows performance analysis and the creation or display of snapshots for messages in the
SAP Application Interface Framework.

Contained Roles
/AIF/ADMINISTRATOR is composed of the single roles
/AIF/CUST_DISPLAY
/AIF/DATA_CHANGE_LOG
/AIF/ERRHDL_DISPLAY
/AIF/LOG_DISPLAY
/AIF/MESSAGE_NOTIFICATION
/AIF/MSG_STAT_SNAP_SHOT
/AIF/PERFORMANCE_ANALYSIS
/AIF/SWITCH_FRAMEWORK
/AIF/VMAP_DISPLAY
/AIF/ARC_CREATE
/AIF/ARC_DISPLAY

4.3.2.2 /AIF/DATA_FIXER
Purpose
You assign the role /AIF/DATA_FIXER to users who are responsible for data consistency in
the SAP Application Interface Framework. For more information, see the documentation for
the single role /AIF/CORRECT_DATA.

Contained Roles
/AIF/DATA_FIXER contains the single role /AIF/CORRECT_DATA.

4.3.2.3 /AIF/INTERFACE_DEVELOPER
Purpose
You assign the role /AIF/INTERFACE_DEVELOPER to users who are responsible for
interface development. This role is recommended for all interface developers in the
development phase. The role involves authorization to change Customizing, which is required
to develop interfaces in the SAP Application Interface Framework. Additionally, the role
involves access to the functions of normal business users (role /AIF/BUSINESS_USER), the
Interface Test Tool, the application log messages, and the Performance Analysis tool.

August 2012

41

4 Security Considerations

Note that you might want to limit the Customizing views the user can access.
Also be aware that the role /AIF/INTERFACE_DEVELOPER does not include
the developer role in the system. If the user is required to create function
modules, classes, or other development objects, the corresponding
authorization has to be assigned additionally.

Contained Roles
/AIF/INTERFACE_DEVELOPER is composed of the following single roles:
/AIF/CUST_CHANGE
/AIF/ERRHDL_CHANGE
/AIF/ERRHDL_DISPLAY
/AIF/LOG_DISPLAY
/AIF/PERFORMANCE_ANALYSIS
/AIF/PROCESS_INB
/AIF/PROCESS_OUTB
/AIF/PROCESS_RES
/AIF/TEST_TOOL
/AIF/VMAP_CHANGE
/AIF/VMAP_DISPLAY

4.3.2.4 /AIF/KEY_USER
Purpose
You assign the role /AIF/KEY_USER to users who are responsible for extended error
handling. This role is recommended for users who have to carry out critical error handling
operations that are not allowed for normal error handling as with the role
/AIF/BUSINESS_USER. In addition to the authorizations of the role /AIF/BUSINESS_USER,
this role includes the authorization to make error corrections in emergency mode.
Additionally, the users can run the Interface Test Tool, generate and display message
snapshots, and display log messages in the application log raised by the SAP Application
Interface Framework.
Note that users with this authorization can access the log messages from
data messages of any interface using transaction /AIF/LOG.

Contained Roles
/AIF/KEY_USER is composed of the single roles
/AIF/ERRHDL_CHANGE_EMC
/AIF/ERRHDL_DISPLAY_EMC
/AIF/LOG_DISPLAY
/AIF/MESSAGE_NOTIFICATION
/AIF/MSG_STAT_SNAP_SHOT
/AIF/PROCESS_INB
/AIF/PROCESS_OUTB

42

August 2012

4 Security Considerations

/AIF/PROCESS_RES
/AIF/TEST_TOOL
/AIF/VMAP_CHANGE
/AIF/VMAP_DISPLAY
/AIF/ARC_CREATE
/AIF/ARC_DISPLAY

4.3.2.5 /AIF/BUSINESS_USER
Purpose
You assign the role /AIF/BUSINESS_USER to users who are responsible for error handling.
This role is recommended for all normal business users. It includes the authorization to
display and change fields of the message data in the Monitoring and Error Handling
transaction, restart and/or cancel data messages, and maintain value mappings. The role
does not include the authorization to carry out emergency corrections, view the Monitoring
and Error Handling transaction in technical mode, or display / change the configuration or
interface Customizing.
Note that you can limit the authorization to specific namespaces / interface
names / interface versions.

Contained Roles
/AIF/BUSINESS_USER is composed of the single roles
/AIF/ERRHDL_CHANGE
/AIF/ERRHDL_DISPLAY
/AIF/PROCESS_INB
/AIF/PROCESS_OUTB
/AIF/PROCESS_RES
/AIF/VMAP_CHANGE
/AIF/VMAP_DISPLAY

4.3.2.6 /AIF/ALL
Purpose
You assign the role /AIF/ALL to users who require read and write access to all parts of the
SAP Application Interface Framework. Users with this role can configure the SAP Application
Interface Framework, maintain interfaces, value mappings and interface variants, process
messages, and access log overviews. From a security perspective, it is not recommended to
assign this role.

Contained Roles
/AIF/ALL is composed of the following single roles:
/AIF/CORRECT_DATA
/AIF/CUST_CHANGE
/AIF/CUST_DISPLAY
/AIF/DATA_CHANGE_LOG

August 2012

43

4 Security Considerations

/AIF/ERRHDL_CHANGE
/AIF/ERRHDL_CHANGE_EMC
/AIF/ERRHDL_DISPLAY
/AIF/ERRHDL_DISPLAY_EMC
/AIF/LOG_DISPLAY
/AIF/MESSAGE_NOTIFICATION
/AIF/MSG_STAT_SNAP_SHOT
/AIF/PERFORMANCE_ANALYSIS
/AIF/PROCESS_INB
/AIF/PROCESS_OUTB
/AIF/PROCESS_RES
/AIF/SWITCH_FRAMEWORK
/AIF/TEST_TOOL
/AIF/VMAP_CHANGE
/AIF/VMAP_DISPLAY
/AIF/ARC_CREATE
/AIF/ARC_DISPLAY
/AIF/ARC_RELOAD

44

August 2012

4 Security Considerations

4.4 Interface- and Key-Field-Specific


Authorizations
Using the available Customizing activities within the SAP Application Interface Framework,
you are able to set up interface-specific and key field-specific authorizations. This lets you
specify authorizations on the basis of a single messages content. Assume, for example, that
a data message includes a plant and a business system identifier. A business user is
responsible only for a specific plant / business system combination, so they should only be
allowed to display and/or change messages for their combination.
To achieve this, you have to do two things:
1. Specify the fields that are relevant for authorizations as key fields and include them in
a custom single index table.
2. Create a custom authorization object.
The steps required to define key fields are described in the system documentation of the
corresponding Customizing activities. The authorization object needs to fulfill the following
requirements:
It requires a field called ACTVT
The available activities in the ACTVT field must be the same as for the authorization
object /AIF/ERR
It requires one field for each key field that serves as the basis for the authorization

August 2012

45

4 Security Considerations

4.5 Considerations about Data Protection


As a technical framework that allows changing business-critical interface data, the SAP
Application Interface Framework is required to save user-related information that could be
marked as personal, private, or confidential. The access to this information is limited by
authorizations. The following user-related or potentially confidential data is saved and could
be accessed using the SAP Application Interface Framework.

4.5.1 Single or Multi Message Index Table


The single or multi message index tables, which record aggregated information on a perdata-message-level, contain fields for the following:
The user name of the user that processed the message, along with the date and time
of initial message processing
The user name of the user that last changed the message (restarted or cancelled it),
along with the date and time of the action
Data in the single or multi index tables is not visible on any screen within the SAP Application
Interface Framework. It can only be accessed through direct database query or the ABAP
dictionary.

4.5.2 Log of Changes in the Error Handling


Changes to a data messages field values that originated from the Monitoring and Error
Handling transaction are recorded in a log table. The following information is saved:
The name and path of the changed field along with the old and new value
The user name of the user who initiated the change along with the date and time of
the change
The changes log data can be viewed in the Error Handling Changes Log transaction. This
transaction is protected by authorization object S_TCODE. The transaction enables the user
to see a list of changes. Only when the user selects a change log entry and chooses to view
the details, is the user name of the user who made the change displayed.

4.5.3 Information Contained in Interface Data


Depending on your interfaces, message data might contain personal, private, or confidential
information. This information will be accessible by all users who have the authorization to
display or change messages of the interface in the Monitoring and Error Handling transaction.
If you identify such information and do not want the information to be available for error
handling, you can define the corresponding structures as Hide Structures. You can do this in
Customizing for the SAP Application Interface Framework under Namespace-Specific
Features.

46

August 2012

5 References

5 References
List of Documents
The following table lists all documents mentioned in this Master Guide that are relevant to the
SAP Application Interface Framework.
Title

Where to Find

Implementation Guide (IMG) for the


Application Interface Framework 700

In the SAP Application Interface Framework


system(s), execute Transaction /AIF/CUST

Application Help for the SAP


Application Interface Framework

SAP Help Portal at http://help.sap.com/


-> SAP Business Suite -> SAP ERP Add-On ->
SAP Application Interface Framework

List of SAP Notes


The following table lists all SAP Notes mentioned in this Master Guide.
SAP Note Number

Title

Description

1747710

AIF 701: Installation Note

See this note for the detailed


information about installing the main
component of SAP Application
Interface Framework 2.0

1747711

AIFX 701: Installation Note

See this note for the detailed


information about installing the
optional component of SAP
Application Interface Framework 2.0

1530212

SAP Application Interface


Framework FAQ

See this note for frequently asked


questions about the SAP Application
Interface Framework

1241303

Dynamic documents: Multiple


registration of events

In a dynamic document, as it is used


in the Interface Overview transaction
of the SAP Application Interface
Framework, form elements such as
pushbuttons, input fields, selection
lists, and hyperlinks respond several
times to an event.

1684718

WDA: Transaction WDYID Configuration ID is lost

Only needed if you install the optional


component AIFX 701 and use
Monitoring and Error Handling (Web)
from the SAP Easy Access menu.

1241303

Dynamic documents: Multiple


registration of events

In a dynamic document, as it is used


in the Interface Overview transaction
of the SAP Application Interface
Framework, form elements such as
pushbuttons, input fields, selection
lists, and hyperlinks respond several
times to an event.

1726101

Tables with more then five


key elements are not
supported

This note is only needed if you install


the optional component AIFX 701
and use the Service Implementation
Workbench (SIW) template.

August 2012

47

5 References

1705786

SIW: Language conflict with


LOCAL packages

This note is only needed if you install


the optional component AIFX 701
and use the SIW template.

1698269

SIW: Misleading error


message

This note is only needed if you install


the optional component AIFX 701
and use the SIW template.

1718473

SIW: Dump after leaving


ungenerated project

This note is only needed if you install


the optional component AIFX 701
and use the SIW template.

48

August 2012

6 Media List

6 Media List
All deliverables for the SAP Application Interface Framework 700 are shipped electronically
and no shipment is made via DVDs (or similar kind of data carrier media).

August 2012

49

7 Release Availability Information

7 Release Availability Information


For more information about currently available releases for the SAP Application Interface
Framework, and for each release, the SAP standard software required to install and use the
solution, see http://www.service.sap.com/fbs/availability.

50

August 2012

SAP AG
Dietmar-Hopp-Allee 16
69190 Walldorf
Germany
T +49/18 05/34 34 24
F +49/18 05/34 34 20
www.sap.com

Copyright 2012 SAP AG. All rights reserved

trademark of Bluetooth SIG Inc. Motorola is a registered trademark of

SAP Library document classification: PUBLIC

Motorola Trademark Holdings LLC. Computop is a registered

No part of this publication may be reproduced or transmitted in any

trademark of Computop Wirtschaftsinformatik GmbH. SAP, R/3, SAP

form or for any purpose without the express permission of SAP AG.

NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects

The information contained herein may be changed without prior

Explorer, StreamWork, SAP HANA, and other SAP products and

notice. Some software products marketed by SAP AG and its

services mentioned herein as well as their respective logos are

distributors contain proprietary software components of other software

trademarks or registered trademarks of SAP AG in Germany and other

vendors. Microsoft, Windows, Excel, Outlook, PowerPoint,

countries. Business Objects and the Business Objects logo,

Silverlight, and Visual Studio are registered trademarks of Microsoft

BusinessObjects, Crystal Reports, Crystal Decisions, Web

Corporation. IBM, DB2, DB2 Universal Database, System i, System

Intelligence, Xcelsius, and other Business Objects products and

i5, System p, System p5, System x, System z, System z10, z10, z/VM,

services mentioned herein as well as their respective logos are

z/OS, OS/390, zEnterprise, PowerVM, Power Architecture, Power

trademarks or registered trademarks of Business Objects Software Ltd.

Systems, POWER7, POWER6+, POWER6, POWER, PowerHA,

Business Objects is an SAP company. Sybase and Adaptive Server,

pureScale, PowerPC, BladeCenter, System Storage, Storwize, XIV,

iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products

GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2,

and services mentioned herein as well as their respective logos are

AIX, Intelligent Miner, WebSphere, Tivoli, Informix, and Smarter

trademarks or registered trademarks of Sybase Inc. Sybase is an SAP

Planet are trademarks or registered trademarks of IBM Corporation.

company. Crossgate, m@gic EDDY, B2B 360, and B2B 360

Linux is the registered trademark of Linus Torvalds in the United

Services are registered trademarks of Crossgate AG in Germany and

States and other countries. Adobe, the Adobe logo, Acrobat,

other countries. Crossgate is an SAP company. All other product and

PostScript, and Reader are trademarks or registered trademarks of

service names mentioned are the trademarks of their respective

Adobe Systems Incorporated in the United States and other countries.

companies. Data contained in this document serves informational

Oracle and Java are registered trademarks of Oracle and its affiliates.

purposes only. National product specifications may vary. These

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the

materials are subject to change without notice. These materials are

Open Group. Citrix, ICA, Program Neighborhood, MetaFrame,

provided by SAP AG and its affiliated companies ("SAP Group") for

WinFrame, VideoFrame, and MultiWin are trademarks or registered

informational purposes only, without representation or warranty of any

trademarks of Citrix Systems Inc. HTML, XML, XHTML, and W3C

kind, and SAP Group shall not be liable for errors or omissions with

are trademarks or registered trademarks of W3C, World Wide Web

respect to the materials. The only warranties for SAP Group products

Consortium, Massachusetts Institute of Technology. Apple, App Store,

and services are those that are set forth in the express warranty

iBooks, iPad, iPhone, iPhoto, iPod, iTunes, Multi-Touch, Objective-C,

statements accompanying such products and services, if any. Nothing

Retina, Safari, Siri, and Xcode are trademarks or registered trademarks

herein should be construed as constituting an additional warranty.

of Apple Inc. IOS is a registered trademark of Cisco Systems Inc.

Disclaimer

RIM, BlackBerry, BBM, BlackBerry Curve, BlackBerry Bold,

Some components of this product are based on Java. Any code

BlackBerry Pearl, BlackBerry Torch, BlackBerry Storm, BlackBerry

change in these components may cause unpredictable and severe

Storm2, BlackBerry PlayBook, and BlackBerry App World are

malfunctions and is therefore expressively prohibited, as is any

trademarks or registered trademarks of Research in Motion Limited.

decompilation of these components.

Google App Engine, Google Apps, Google Checkout, Google Data

Any Java Source Code delivered with this product is only to be used

API, Google Maps, Google Mobile Ads, Google Mobile Updater,

by SAPs Support Services and may not be modified or altered in any

Google Mobile, Google Store, Google Sync, Google Updater, Google

way.

Voice, Google Mail, Gmail, YouTube, Dalvik and Android are

Documentation in the SAP Service Marketplace

trademarks or registered trademarks of Google Inc. INTERMEC is a

You can find this documentation at the following Internet address:

registered trademark of Intermec Technologies Corporation. Wi-Fi is a


registered trademark of Wi-Fi Alliance. Bluetooth is a registered

service.sap.com/instguides

Typographic
Conventions
Type Style
Example Text

Icons
Icon

Meaning

Represents

Caution

Words or characters that


appear on the screen. These
include field names, screen
titles, pushbuttons as well as
menu names, paths and
options.
Cross-references to other
documentation

Example

Example text

Emphasized words or phrases


in body text, titles of graphics
and tables

EXAMPLE TEXT

Names of elements in the


system. These include report
names, program names,
transaction codes, table
names, and individual key
words of a programming
language, when surrounded by
body text, for example,
SELECT and INCLUDE.

Example text

Screen output. This includes


file and directory names and
their paths, messages, names
of variables and parameters,
source code as well as names
of installation, upgrade and
database tools.

Example text

Exact user entry. These are


words or characters that you
enter in the system exactly as
they appear in the
documentation.

<Example text>

Variable user entry. Pointed


brackets indicate that you
replace these words and
characters with appropriate
entries.

EXAMPLE TEXT

Keys on the keyboard, for


example, function keys (such
as F2) or the ENTER key.

Note
Recommendation
Syntax