Agents configuration

1. PRO agent configuration

  1. Go to the Agents tab on Configuration page and add your agent system through Create Agent button:

    new agent PRO
  2. Configure the agent.

1.1. Common configuration

  • System ID - the system identifier of SAP system.

  • Platform - select the type of your agent system - PRO.

  • Version - the version of Process Orchestration system. It’s used to create correct XI 3.0 sender channel.

  • Username, Password, Protocol, Host, Port - common connection settings.

  • Virtual - set this flag if you are not going to use that agent for messages recording (e.g., after transferring test data from one system to another). Virtual agents can’t be synchronized, a JMS connection is not established for them during application bootstrap, and you can’t test their configuration.

  • Production system disables testing and send message requests management on current agent.

  • Decentral Adapter Engine configures decentral adapter engine (a separate PI/PO system that is used for message processing in order to distribute the load).

    decentral adapter engine

    Enter the Decentral Adapter Engine Label (used in the communication channels) and select the Parent Agent (a link to the main system with the central adapter engine; required field).

    Decentral Adapter Engine configuration example: if you have PRO system with the central adapter engine (e.g. DPC) and 2 PRO systems with the decentral adapter engine (e.g. DPD1 and DPD2), you need to create the following agents:

    • Agent DPC with empty Decentral Adapter Engine property because it is the central adapter engine.

    • Agents DPD1 and DPD2 with enabled Decentral Adapter Engine property and the following configuration:

      • Decentral Adapter Engine Label is label in <AdapterEngineName> tag in a channel payload:

        decentral adapter engine label
      • Parent Agent is previously created DPC agent.

  • Timezone - SAP instance timezone, must be defined in GMT format (e.g., GMT+1, GMT-4). Since the 2.15.2 release, Figaf Tool tries to fetch the timezone from the server. If it can’t be fetched, you’ll see an error and have to define this value manually. The actual timezone is also fetched and updated in the agent model during the synchronization startup.

  • P4 Host - internal hostname of the SAP instance, it is used for connecting to P4 port (EJB client integration). By default, the main Host value will be used. You must configure that field separately if the Host value is a hostname of your HTTP load balancer. That hostname can’t be used for connecting to P4 port.

  • P4 Port - P4 port value, defined in the SAP instance.

1.2. Change Tracking Config configures CTT settings

  • Enable automatic synchronization enables automatic synchronization. If it’s true, you need to configure Synchronization Cron Expression and if you want to synchronize objects forcibly, enable Synchronize forcibly setting.

  • Synchronize used sap repository objects on demand enables synchronization of used sap repository objects. If it is false, all sap repository objects will be synchronized.

  • Reset synchronization query - use that function to remove the cached last change dates for each tracked object type. These dates are used in the synchronization algorithm to minimize the number of objects to check (only changed objects are checked).

1.3. Testing Tool Config configures settings for Testing Tool.

  • Use the most appropriate messages logging approach by default per scenario (enabled by default) - when enabled, existing setting for Messages logging approach doesn’t have effect. In that case, messages logging approach is detected by Figaf Tool for each integration object: by default, ICO Logging, but if scenario has channel(s) with custom modules (non-adapter modules, non SAP log modules, non Figaf Tool modules) - Sap Log Module is enabled. It can be overridden on Integration Object page.

  • Messages logging approach - type of integration with current agent, the way of fetching messages from PRO system:

    • Figaf Agent Module requires installation of the Agent component. The main part of the Agent component is the Agent Module. The Agent component also includes some secured web services, which are used by the web application for synchronous communication, and a JMS queue, which provides asynchronous integration. Agent Module is an EJB stateless component which implements the com.sap.aii.af.lib.mp.module.Module interface. Agent Module (Figaf Tool/SaveModule) is automatically added to the communication channel’s modules chain at specific positions. The main purpose of that module is to intercept the exact message and save it to the SAP database. The existing message payload and dynamic properties are not modified by Agent Module, with one exception: for a regression test case it has a specific option to replace the synchronous service response on the test scenario with the related recorded expected message from the test case. If you want such behavior for your synchronous scenario, you need to enable that option manually on the integration object’s Test Configuration page. Figaf Agent Module integration type has the following configuration:

      agent module parameters

      The main benefit of Agent Module is its performance. Receiving messages through JMS is asynchronous and much faster than the polling approach. It makes particular sense if the payloads are not large. For large messages there is no way to use JMS; the Agent component has a web service for that purpose. Messages are saved in the local SAP system database and then they are polled by the web application through the web service. This approach is used for smaller messages automatically. You can configure scheduled polling for the current integration type (for other types too) by enabling it and entering a value for Polling Cron Expression.

      Allow only manual modules and logging configuration update prevents automatic modules update for whole Agent, so no communication channels will be touched. Figaf Tool will only manage its own XI scenarios, created by the tool for sending messages through the system. You can configure ignored channels for ICOs on Integration Object Details page.

    • SAP Log Module - noninvasive integration type. It uses standard SAP Log Module (localejbs/AF_Modules/MessageLoggerBean) to log exact message state. This module is automatically added to the communication channel’s modules chain at the same positions as Agent Module. SAP Log Module integration type has the following configuration:

      sap log module parameters

      The only way to retrieve a message is the messages polling functionality. You can make it scheduled by enabling it and defining a cron job expression. In order to receive message payloads from SAP systems, Figaf Tool looks for new root AdapterFrameworkData (AFD) entries using the AdapterMessageMonitoringVi#getMessageList web service (by applying special filters), determines the relationships of the AFD entries and builds a tree of them (for complicated cases). Then, if the option Msg payload download approach is set to Use web service (for newer system), it looks for a message payload using the AdapterMessageMonitoringVi#getLoggedMessageBytes web service; otherwise, if the option is set to Use web page scraping, it parses the AFD page and downloads payloads through the links provided on the page. If your system has the AdapterMessageMonitoringVi#getLoggedMessageBytes web service (it was introduced in some patch in Oct. 2017), use the Use web service (for newer system) option. It’s a bit faster than web page scraping. SAP Log Module integration type is slower than Figaf Agent Module, but the main benefit is that you don’t need to deploy any third party components on your production system. You can mix SAP Log Module integration type with Figaf Agent Module without any problems. For example, your agent system can be integrated through SAP Log Module, and the test system through Figaf Agent Module.

      Allow only manual modules and logging configuration update prevents automatic modules update for whole Agent, so no communication channels will be touched. Figaf Tool will only manage its own XI scenarios, created by the tool for sending messages through the system. You can configure ignored channels for ICOs on Integration Object Details page.

    • ICO Logging - "the most" noninvasive integration type. If you enable that type, the application won’t add any modules to the communication channel’s modules chain. You just need to be sure that all needed scenarios have logging options enabled for stages BI and AM. The downsides of that approach: you need to maintain these logging options manually, and the state of logged messages is sometimes different from the state obtained through the previous integration type. We can’t control when the BI and AM stages will be logged, and in some cases we don’t even have the final logs at all (e.g. the message splitting case: it doesn’t log payloads after the splitting, only before). That behavior leads to problems when you want to mix the ICO Logging approach with SAP Log Module or Figaf Agent Module. For example, you can configure your agent system using ICO Logging integration type and the test system using SAP Log Module integration type. It will work until you get a scenario with custom modules or a scenario with a message splitter. In the first case a different state of the same message will be received; in the second case the messages received through SAP Log Module will have the outbound state after splitting, while the messages received through ICO Logging will have the outbound state before splitting. So, the number of outbound messages will be different. ICO Logging integration type has the same configuration as SAP Log Module:

      pi message log parameters

      Similar to SAP Message Log approach, it uses polling to retrieve messages from the SAP PRO system. The polling options are the same. The only difference is that it looks for message entries by the combination of labels BI and AM (instead of the irtLogStage<1..4> labels for SAP Log Module), so these stages must be logged.

  • Search global configuration automatically (enabled by default) - enables automatic search for global configuration (follow article to get more details).

    The Figaf tool user should have access to the http://sapserver:port/webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd/FloorPlanApp?applicationID=com.sap.itsam.cfg.java.systemproperties&applicationViewID=systemproperties# page. Usually, it’s enough to assign the NWA_READONLY role to the user. If it’s not possible to find the configuration automatically, a warning will be shown where you can Ignore and save; the agent will then be automatically created with the property disabled. Otherwise, disable the property and define the values manually (follow article).
  • Allow polling even if the root message has a failed status enables download of PI Inbound message even if the corresponding AFD has a failed status (systemError, waiting, canceled).

  • Try to poll messages without scenario id if none are found enables polling of messages without scenario id (some other properties like sender/receiver components or/and interfaces are still used as usual).

    If it’s enabled, the tool will try to poll messages with scenario id as usual. But if messages are not found, messages without scenario id will be polled.

    Please validate the polled messages manually, because messages related to other scenarios could be polled.

  • Enable dual stack recording enables dual stack recording (since 2.12) and has the following configuration:

    jco destination properties

    JCO Destination properties should be copied from *.jcoDestination file.

    JCo library must be added to the external libraries folder which is defined by -Dloader.path=<path to libs folder> VM parameter (go to Figaf Tool Application running page for more details). You can download it here.

    User, configured in Username and Password fields, should have permissions to ping dual stack system and poll messages from it.

    LOGGING and LOGGING_SYNC parameters should be configured on your system:

    dual stack system configuration
  • Use CPI agent for RFC Proxy - use this option if the Figaf tool is deployed on BTP or if the JCo library is not included in the classpath. Follow steps from article to perform required configurations.

    The RFC Proxy IFlow will be automatically deployed on the selected CPI Agent when the first RFC call is made.

    CPI Agent used for RFC Proxy and RFC Destination name should be configured as well.

  • Partial test case running - enable it if you want to restrict number of messages sent from Figaf Tool to remote system in unit of time.

    Actual number of messages sent from Figaf Tool can vary depending on count of inbound messages in one group. All messages from one group are sent together.

  • Open messages via dispatcher enables possibility to open polled message entries via dispatcher.

  • Don’t resolve as default test system - when enabled, the agent won’t be resolved as default test system during test case creation from recording request and manual test case creation and during scheduled test suite executions.

  • Has confidential data - when enabled, all messages, recorded on that system will be marked as confidential. Only users with the role IRTSensitivePayloadViewer will be able to see the real payloads and testing results of confidential messages. Other users will have only encoded versions. Example.

  • Secured test system - set this flag if you are going to use the current agent for running test cases with confidential data. It can be configured only for non-production systems (Production system is false) with Messages logging approach equal to Figaf Agent Module.

    Only administrators with IRTSensitivePayloadViewer role can enable Has confidential data and Secured test system properties.

1.4. Support Tool Config configures settings for Support Tool and Monitoring.

  • Enable Monitored Messages Polling enables configuration of cron expression (Monitored Messages Polling Cron Expression setting) to poll messages in EDI Message Monitoring automatically.

  • Monitored Messages Persistence Period is a persistence period in days for messages in EDI Message Monitoring. Default value is 30.

    If you want to have monitored messages deleted, configure MonitoredMessagesCleaner job on Application configuration page. If the job isn’t configured, the messages won’t be deleted.

1.5. Test configuration

  1. Test configuration for created agent. Select it and click on Test configuration button. Test connection settings dialog box will be opened:

    test connection dialog PRO

    If Enable dual stack recording is true for selected agent, Test connection settings dialog box contains two additional settings Pinging dual stack through JCo and Polling messages from dual stack through JCo.

    If the Receiving test message through JMS setting is loading, wait for a while and click on the Refresh button. If it doesn’t help, open the Edit Agent dialog box (click on its edit button) and click on Save. Then test the configuration for the agent again.

2. CPI agent configuration

If you have SSO for your SAP CPI tenants please look at the article to read the configuration.

In the article you can read how to configure CPI agents.

2.1. Standard configuration

If you want to create CPI agent with standard configuration follow the steps:

  1. Go to the Agents tab on Configuration page and add your agent system through Create CPI Agent button.

  2. In the dialog configure:

    1. System Id - the system identifier of CPI system.

    2. Integration Suite or CPI URL - your CPI system URL. This is how you would normally access your SAP Cloud Integration like https://xxx-tmn.hci.eu1.hana.ondemand.com/itspaces or https://xxxx.integrationsuite.cfapps.eu10-003.hana.ondemand.com/shell/design.

    3. Integration Suite - enable it if the system is an Integration Suite system.

    4. Propagate Runtime Location Id defines whether the related system expects runtime location Id usage in the requests.

      Please configure the value properly. Open https://<HOST>/shell/monitoring/Overview/. If a Runtime selector is displayed at the top of the page, enable this checkbox. This is crucial for the testing tool and certain other functionalities.
    5. Go to Next stage.

    6. Configure Public API access. API Key mode or S-User mode are available.

    7. Go to Next stage.

    8. Configure IFlow Messages API access.

    9. Go to Next stage.

    10. Configure Web API access. S-User, SAP Passport, SAP Identity Service, Custom IdP are available:

      1. S-User - ideal if you have a user that is not protected by the Universal ID.

      2. SAP Passport - use your S-User certificate to log in to the CPI/Integration Suite. Learn more about SAP Passport configuration here.

      3. SAP Identity Service - using the SAP Identity Service requires having a user with a username and password that can log in to the Integration Suite. That option is not available when Public API Authentication is BASIC. Learn more about SAP Identity Service configuration in article.

      4. Custom IdP - Figaf acts as a SAML 2.0 provider, enabling Figaf to log in to the CPI/Integration Suite. Learn more about custom IdP configuration here.

        Details about configuration of CPI/Integration Suite systems are available in article.
    11. Go to Next stage.

    12. Optionally create sample composite landscape to check DevOps features as well. If you agree to create it, you will be able to configure up to 3 packages to be synchronized. If you configure them and follow further, you will be redirected to Change Tracking Tool → Tracked Objects page where you can synchronize the agent.

    If the CPI system is Cloud Foundry, you have to assign a role to the user (read article to know how to do it).

2.2. Custom configuration

If you want to create CPI agent with custom configuration follow the steps:

  1. Go to the Agents tab on Configuration page and add your agent system through Create Agent button:

    new agent CPI
  2. Configure the agent.

2.3. Common configuration

  • System ID - the system identifier of SAP system.

  • Platform - select the type of your agent system - CPI.

  • Username, Password, Protocol, Host, Port - common connection settings.

    If you are configuring an agent for integration suite system, define Host as host of needed integration suite system.
  • Virtual - set this flag if you are not going to use that agent for messages recording (e.g., after transferring test data from one system to another). Virtual agents can’t be synchronized.

  • Production system disables testing and send message requests management on current agent.

  • Enable B2B enables B2B features for Integration Suite: synchronization, migration, object creations, etc.

  • IFLMap Host - host name which is used as an endpoint path part for some adapters in CPI system. It’s used by Figaf Tool for regression testing of integration flows. For example: m0403-iflmap.hcisbp.eu1.hana.ondemand.com, where m0403 is a CPI system id.

  • CPI Platform Type - select the type of your CPI system (NEO or CLOUD_FOUNDRY). If it’s CLOUD_FOUNDRY, then the following settings are shown:

    • IFlow Client Id and IFlow Client Secret.

      You can provide the same Username and Password here, but you have to assign a role to the user (read article to know how to do it).

    • Web API Authentication configures access mode. Could be:

      • S-User uses username/password.

      • SAP Passport enables SAP Passport usage, learn more about related configuration here.

      • SAP Identity Service - using the SAP Identity Service requires having a user with a username and password that can log in to the Integration Suite. That option is not available when Public API Authentication is BASIC. Learn more about SAP Identity Service configuration in article.

      • Custom IdP enables a possibility to sign on to SAP CPI CF using SAML2, learn more about related configuration here.

    • Login Url configures login URL. The tool will try to resolve it automatically if it is empty.

    • SSO Url configures SSO URL. Default value is value of irt.sso-url application property.

    • Public API Authentication configures whether BASIC or OAUTH Public API Authentication should be used. If OAUTH is selected, Public API Client Id, Public API Client Secret, and OAuth token url should be configured.

    • Public API Url configures CPI Url for integration suite system. If it’s not empty, the connection properties of the agent will be overridden by the value. So this value will be used for both public and web API.

  • Reset http client forcibly - use that function to remove cached authentication data.

  • Reset Entity Descriptor - use this function to reset SSO certificate for agent with Web API Authentication setting configured to Custom IdP.

2.4. Integration Suite and Edge Integration Cell Config configures edge cells

  • Integration Suite defines whether it is integration suite or not. It will be automatically enabled if specified Host contains integrationsuite substring.

  • Edge integration cell enables integration with Edge cells. After the setting is enabled, all available edge runtimes are fetched and added into the table, where you can configure urls for needed runtimes.

    If edge systems are on-premise and Figaf Tool is deployed in SAP BTP deployment, Cloud Foundry, you should enable OnPremise and configure Cloud connector location id and Host.
  • Propagate Runtime Location Id defines whether the related system expects runtime location Id usage in the requests.

    Please configure the value properly. Open https://<HOST>/shell/monitoring/Overview/. If a Runtime selector is displayed at the top of the page, enable this checkbox. This is crucial for the testing tool and certain other functionalities. It will be automatically enabled if Edge integration cell is true.

2.5. Event Mesh configuration configures integration with Event Mesh

  • Event Mesh configuration defines credentials for Event Mesh - Publisher and Event Mesh - Subscriber.

    Use different credentials for Event Mesh - Publisher and Event Mesh - Subscriber.

2.6. Change Tracking Config configures CTT settings

  • Enable automatic synchronization enables automatic synchronization. If it’s true, you need to configure Synchronization Cron Expression and if you want to synchronize objects forcibly, enable Synchronize forcibly setting.

  • Initialize externalized parameters of deployed IFlows - if true, externalized parameters of deployed IFlows will be initialized and configurations for design-time and deployed versions will be compared fairly.

  • Enable IDE to run and upload scripts - enable it if you want to work with Groovy and/or XSLT EDI (learn more about related configuration here).

  • Synchronize used sap repository objects on demand enables synchronization of used sap repository objects. If it is false, all sap repository objects will be synchronized.

  • Reset synchronization query - use that function to remove the cached last change dates for each tracked object type. These dates are used in the synchronization algorithm to minimize the number of objects to check (only changed objects are checked).

2.7. Testing Tool Config configures settings for Testing Tool.

  • Partial test case running - enable it if you want to restrict number of messages sent from Figaf Tool to remote system in unit of time.

    Actual number of messages sent from Figaf Tool can vary depending on count of inbound messages in one group. All messages from one group are sent together.

  • Use oauth url for testing configures whether OAuth token should be used during making calls to CPI Cloud Foundry system or not. If it’s enabled, OAuth token url can be configured (value should be a full url).

  • Keep iflow in trace mode for active recording/testing - enable it if you want to keep the iflow in trace mode until the required number of messages is received.

  • Don’t resolve as default test system - when enabled, the agent won’t be resolved as default test system during test case creation from recording request and manual test case creation and during scheduled test suite executions.

  • Has confidential data - when enabled, all messages, recorded on that system will be marked as confidential. Only users with the role IRTSensitivePayloadViewer will be able to see the real payloads and testing results of confidential messages. Other users will have only encoded versions. Example.

  • Secured test system - set this flag if you are going to use the current agent for running test cases with confidential data. It can be configured only for non-production systems (Production system is false).

    Only administrators with IRTSensitivePayloadViewer role can enable Has confidential data and Secured test system properties.

2.8. Support Tool Config configures settings for Support Tool and Monitoring.

2.9. B2B Config configures settings for B2B scenarios.

  • B2B Package for test case running - configures package used for test case running Cloud Integration - Trading Partner Management V2 or B2B Integration Factory - Cloud Integration - Trading Partner Management (with or without Enable simulation / skip endpoint delivery).

  • Purpose - configures TPM purpose Dev, Test or Prod.

2.10. Git Config configures git integration.

Read more about related configuration here.

2.11. Test configuration

  1. Test configuration for created agent. Select it and click on Test configuration button. Test connection settings dialog box will be opened:

    test connection dialog CPI

3. Api Management agent configuration

  1. Go to the Agents tab on Configuration page and add your agent system through Create Agent button:

    new agent API
  2. Configure the agent.

3.1. Common configuration

  • System ID - the system identifier of SAP system.

  • Platform - select the type of your agent system - Api Management.

  • Username, Password, Protocol, Host, Port - common connection settings.

    Username and Password are required only when Public API Authentication is BASIC.
  • Virtual - set this flag if you are not going to use that agent for messages recording (e.g., after transferring test data from one system to another). Virtual agents can’t be synchronized.

  • Production system disables testing and send message requests management on current agent.

  • CPI Platform Type - select the type of your Api Management system (NEO or CLOUD_FOUNDRY).

    • Public API Authentication configures whether BASIC or OAUTH Public API Authentication should be used. If OAUTH is selected, Public API Url, Public API Client Id, Public API Client Secret, and OAuth token url should be configured.

  • Reset http client forcibly - use that function to remove cached authentication data.

3.2. Change Tracking Config configures CTT settings

  • Enable automatic synchronization enables automatic synchronization. If it’s true, you need to configure Synchronization Cron Expression and if you want to synchronize objects forcibly, enable Synchronize forcibly setting.

  • Synchronize used sap repository objects on demand enables synchronization of used sap repository objects. If it is false, all sap repository objects will be synchronized.

  • Reset synchronization query - use that function to remove the cached last change dates for each tracked object type. These dates are used in the synchronization algorithm to minimize the number of objects to check (only changed objects are checked).

3.3. Git Config configures git integration.

Read more about related configuration here.

3.4. Test configuration

  1. Test configuration for created agent. Select it and click on Test configuration button. Test connection settings dialog box will be opened:

    test connection dialog API

4. API_HUB agent configuration

See this blog post for more details.

  1. Go to the Agents tab on Configuration page and add your agent system through Create Agent button:

    new agent API HUB
  2. Configure the agent.

4.1. Common configuration

  • System ID - the system identifier of SAP system.

  • Platform - select the type of your agent system - API_HUB.

  • Username and Password.

4.2. Change Tracking Config configures CTT settings

  • Enable automatic synchronization enables automatic synchronization. If it’s true, you need to configure Synchronization Cron Expression and if you want to synchronize objects forcibly, enable Synchronize forcibly setting.

  • Synchronize used sap repository objects on demand enables synchronization of used sap repository objects. If it is false, all sap repository objects will be synchronized.

4.3. Test configuration

  1. Test configuration for created agent. Select it and click on Test configuration button. Test connection settings dialog box will be opened:

    test connection dialog API HUB

5. SAP PI/PO user roles configuration

You can configure the connection to SAP systems by entering your user credentials (or those of another available user). Be sure that the user has the roles required by the Figaf Tool tools you are going to work with:

  1. Testing Tool: SAP_XI_API_DEVELOP_J2EE (to have read/write permissions in the integration directory), SAP_XI_MONITOR_J2EE (to use the AdapterMessageMonitoring WS API for fetching payloads, which is required for SAP Log Module integration), and a custom role (to send messages through the created XI channel) with the following action:

    action for custom role

    Custom role example:

    [role]
    rid=SOAP_XI_SENDER
    action=ACTN.AUTH_DS.un:L$sap.com/com.sap.aii.adapter.soap.app$xi_adapter_soap_message
  2. Support Tool: SAP_XI_ALERT_CONSUMER.

  3. DevOps: SAP_XI_ADMINISTRATOR_J2EE (required for transports).

  4. Migration overview and PI agent reports, if you would like to add BPM related interfaces: SAP_BPM_SolutionManager (used during report generation; otherwise the error Requesting user does not own the permission 'bpm.solutionmanager' which is required for this call. occurs).

If you want to work with Testing Tool, Support Tool, DevOps, migration overview or generate PI agent reports in Figaf Tool, user should have SAP_XI_API_DEVELOP_J2EE, SAP_XI_ADMINISTRATOR_J2EE, SAP_XI_ALERT_CONSUMER, and SAP_BPM_SolutionManager roles.

If UME authorization is enabled, you should also add the XiMdt.ExtendedMonitor role, otherwise it won’t be possible to load message payloads through the AdapterMessageMonitoring web service. It affects Support Tool and Testing Tool functionality if noninvasive integration types (without Agent component) are used.

6. Agent component deployment and configuration (optional, only for PI/PO systems)

  1. Deploy Agent component on your development system. It can be done with NetWeaver Developer Studio or your favorite deployment tool. For the first integration it is easier just to test on one system, you can always add more systems later.

  2. Create new user:

    1. Open UMEAdminApp(/useradmin) and import users (your user should have Administrator role in the UME).

    2. Then select Overwrite Existing Data checkbox.

    3. Put the configuration below into the text area and click upload button (this step should be done on both (Agent and Test) systems). The configuration depends on the Figaf Tool tools you are going to work with:

      1. Testing Tool needs the user to have SAP_XI_API_DEVELOP_J2EE (to have read/write permissions in the integration directory), SAP_XI_MONITOR_J2EE (to use the AdapterMessageMonitoring WS API for fetching payloads, which is required for SAP Log Module integration), IRTAgent (it is created during deployment of the agent component), and a custom role (to send messages through the created XI channel) with the following action:

        action for custom role

        Custom role example:

        [role]
        rid=SOAP_XI_SENDER
        action=ACTN.AUTH_DS.un:L$sap.com/com.sap.aii.adapter.soap.app$xi_adapter_soap_message

        Example of user to work with Testing Tool:

        [User]
        uid=IRTAGENTUser
        last_name=IRTAGENTUser
        accessibility=0
        role=SAP_XI_API_DEVELOP_J2EE;SAP_XI_MONITOR_J2EE;SOAP_XI_SENDER;IRTAgent;
      2. Support Tool needs user to have SAP_XI_ALERT_CONSUMER (used by Support Tool) and IRTAgent (it is created during deployment of agent component):

        [User]
        uid=IRTAGENTUser
        last_name=IRTAGENTUser
        accessibility=0
        role=SAP_XI_ALERT_CONSUMER;IRTAgent;
      3. DevOps needs the user to have SAP_XI_ADMINISTRATOR_J2EE (required for transports) and IRTAgent (it is created during deployment of the agent component):

        [User]
        uid=IRTAGENTUser
        last_name=IRTAGENTUser
        accessibility=0
        role=SAP_XI_ADMINISTRATOR_J2EE;IRTAgent;
      4. Migration overview and PI agent reports, if you would like to add BPM related interfaces: SAP_BPM_SolutionManager (used during report generation; otherwise the error Requesting user does not own the permission 'bpm.solutionmanager' which is required for this call. occurs).

        [User]
        uid=IRTAGENTUser
        last_name=IRTAGENTUser
        accessibility=0
        role=SAP_BPM_SolutionManager;IRTAgent;

      If you want to work with Testing Tool, Support Tool, DevOps, migration overview or generate PI agent reports in Figaf Tool, create user with SAP_XI_API_DEVELOP_J2EE, SAP_XI_ADMINISTRATOR_J2EE, SAP_XI_ALERT_CONSUMER, SAP_BPM_SolutionManager, and IRTAgent (it is created during deployment of agent component) roles:

      [User]
      uid=IRTAGENTUser
      last_name=IRTAGENTUser
      accessibility=0
      role=SAP_XI_API_DEVELOP_J2EE;SAP_XI_ADMINISTRATOR_J2EE;SAP_XI_ALERT_CONSUMER;SAP_BPM_SolutionManager;IRTAgent;
  3. Change security policy to the “Technical user” and configure passwords for created user.

  4. Open NetWeaver Administrator (/nwa), then tabs SOA → Application and Scenario Communication → Single Service Administration

    3 1 2

    Type "irt" in the search field and click "Go". Enable authentication by User ID/Password for each Figaf Tool web service (see the screenshot below):

    3 1 3
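
The role lists in sections 5 and 6 map each Figaf tool to a small set of roles, so a user import file can be checked for least privilege before it is uploaded. The script below is an added example, not part of Figaf Tool or its documentation; the tool keys (testing, support, devops, reports) and the function names are assumptions, and it compares role names only, so it does not know when one SAP role already contains another.

```python
"""Least-privilege check for a UME user import file (added example)."""

# Roles per Figaf tool, copied from the role lists on this page.
# SOAP_XI_SENDER is the custom role name used in the page's example.
ROLES_BY_TOOL = {
    "testing": {"SAP_XI_API_DEVELOP_J2EE", "SAP_XI_MONITOR_J2EE", "SOAP_XI_SENDER"},
    "support": {"SAP_XI_ALERT_CONSUMER"},
    "devops": {"SAP_XI_ADMINISTRATOR_J2EE"},
    "reports": {"SAP_BPM_SolutionManager"},
}
AGENT_ROLE = "IRTAgent"                      # created when the Agent component is deployed
UME_MONITOR_ROLE = "XiMdt.ExtendedMonitor"   # needed when UME authorization is enabled
# The page spells the administrator role both ways; treat them as the same role.
ALIASES = {"SAP_XI_ADMINISTRATOR_JEE": "SAP_XI_ADMINISTRATOR_J2EE"}


def parse_ume_import(text):
    """Parse [User]/[role] blocks into dicts.

    Section names repeat in this format, so configparser cannot be used.
    """
    blocks, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {"_type": line[1:-1].strip().lower()}
            blocks.append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"line {lineno}: expected key=value inside a block")
        key, value = line.split("=", 1)   # action values may contain further '='
        current[key.strip().lower()] = value.strip()
    return blocks


def user_roles(block):
    """Return the set of roles on a [User] block's semicolon-separated role line."""
    names = map(str.strip, block.get("role", "").split(";"))
    return {ALIASES.get(name, name) for name in names if name}


def required_roles(tools, agent_component=False, ume_authorization=False):
    """Union of the roles the page lists for the tools actually in use."""
    unknown = set(tools) - ROLES_BY_TOOL.keys()
    if unknown:
        raise ValueError(f"unknown tool(s): {sorted(unknown)}")
    required = set().union(*(ROLES_BY_TOOL[tool] for tool in tools))
    if agent_component:
        required.add(AGENT_ROLE)
    if ume_authorization:
        required.add(UME_MONITOR_ROLE)
    return required


def audit(text, tools, agent_component=False, ume_authorization=False):
    """Report, per [User] block, roles that are missing and roles beyond what is needed."""
    required = required_roles(tools, agent_component, ume_authorization)
    findings = []
    for block in parse_ume_import(text):
        if block["_type"] != "user":
            continue
        granted = user_roles(block)
        findings.append({
            "uid": block.get("uid", ""),
            "missing": sorted(required - granted),
            "excess": sorted(granted - required),
        })
    return findings


# Constructed sample: the page's "all tools" user, on a system where only the
# Testing Tool with the Agent component is going to be used.
SAMPLE = """
[role]
rid=SOAP_XI_SENDER
action=ACTN.AUTH_DS.un:L$sap.com/com.sap.aii.adapter.soap.app$xi_adapter_soap_message

[User]
uid=IRTAGENTUser
last_name=IRTAGENTUser
accessibility=0
role=SAP_XI_API_DEVELOP_J2EE;SAP_XI_ADMINISTRATOR_J2EE;SAP_XI_ALERT_CONSUMER;SAP_BPM_SolutionManager;IRTAgent;
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["testing"], agent_component=True):
        print(finding["uid"])
        print("  missing:", ", ".join(finding["missing"]) or "-")
        print("  excess: ", ", ".join(finding["excess"]) or "-")
```

Roles reported as excess are the ones to question first on a production agent, the administrator role in particular.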