Skip to Content

XI: How to… add authorizations to Repository objects

When working with many developers we may want to restrict the access for some objects
to some of them (either change, or delete for instance)
XI allows us to do it very easily and this is a simple example on how to start using so called “Data Dependent Authorizations”.

In the initial situation we have access to all objects and when we click Change button
we can change any object we want (unless the software component version is not checked “Objects are modifiable”)


but we’d like to change this and forbid our user to access Message mappings in one software component version.

1. From the Integration builder: Repository let’s go to Tools -> User Roles -> New

2. Let’s name our role: SampleRestriction

3. Now we’ll Exclude access to our Software component version + for all of it’s namespaces and exclude access to all Message Mappings from that component.

This picture was changed a little bit so it’s easier to see all objects on it.

Obviously we can choose many other Objects if we want


4. Then hit save & activate our role.

5. Now we have to go to the: http://server:port/useradmin to assing the new role to our user

but before that make sure you got property set to true in your ExchangeProfile
– IntegrationBuilder
— IntegrationBuilder.Repository

6. Click Roles -> search for role XiRep_Samplerestriction

7. Assign users to…


8. Then we can add a user to the new role.




9. Now we can see that our user has been added.
We can log on to the XI Repository and when we click the Change button for the Message mapping we’ll see:




More information about repository authorizations can be found on:

1. User Roles –

2. Latest XI configuration guide under:
Users with Data-Dependent Authorizations



You must be Logged on to comment or reply to a post.
    • Hi Siva,

      but the truth is that I (as a developer)
      don't want to have restricted access 🙂

      I keep reading you contributions too and I really like he one with the message flow 🙂

      you too keep on (web)blogging 🙂


  • Helps a lot with implementation projects involving bigger team size and avoids last minute surprises!! And if teams are geographically seperated , then u know the chaos , Keep Going
    • Hi Saravana,

      The chaos can even be if there are many teams on one place:)
      but we have to create "managed chaos" 🙂 


  • Hi Michel,

    I tryed your blog.but, when i click the change button in the repository objtct its not performing perticular role.

    i was configured ExchangeProfile parametes and created new user and its roles.

    Would you tell where i done mistake. according to your blog.

  • hi Michal

    i did this, but somehow for reason i don't know yet when i add the  in ExchangeProfile --> IntegrationBuilder �¨ IntegrationBuilder.Repository    it is also added in  IntegrationBuilder.Directory

    I've repeated it 5 times already but it is really getting added in the IntegrationBuilder.Directory,  which then applies the restriction also to Directory objects

    Our system is XI 3.0  SP19

    would you know why this happens?

  • HI,
    I have tried it but I can continue modifing objects.

    1. I have created a user in XI (Trans. SU01) with role SAP_XI_DEVELOPER.

    2. I have create the Exchange profile parameter with true, and restart J2EE

    3. I have created a role in IR:
    Exclude/SWCV/*/Exclude/Message Mapping/Full Edit

    4. I have assigned the role to the user

    and the user can modify all objects in the SWCV.

    Could you help me?