Skip to Content
Technical Articles
Author's profile photo Raffael Herrmann

How to create custom roles and groups for SAP CPI (in NEO environment)

When working with the SAP CPI (Cloud Platform Integration) you automatically come in touch with some of the standard roles in SAP CPI. Latest when you configure an IFlow with a SOAP sender you have seen theĀ ESBMessaging.send-role which is preset as needed user role to send data to the interface.

But what if you want to use another role? What if you want to group your interfaces, so that the HR team for example can only send to their interfaces? For this case, you can create custom roles in SAP CPI which not only can be used in the sender channels but also for additional authorization checks, when combined with the Authorization Management API.

How to create custom SAP CPI roles

To create custom roles, you have to open the CPI specific roles management section in the SAP Cloud Platform. There login to and click through the following path:

Regions –> [Your region] –> [Your global account] –> [Your CPI subaccount] –> Applications/Subscriptions –> [Your tenant]iflmap-application –> Roles

From this screen you can create custom roles via theĀ New Role-button. You can also assign the newly created roles to users or groups from this screen.

How to assign custom SAP CPI roles

As you have seen, you can assign roles directly from the Roles management view as described above. But there is a second place, where you can assign your custom roles to users. Therefore open the Authorizations-view via

Regions –> [Your region] –> [Your global account] –> [Your CPI subaccount] –> Security/Authorizations

From this screen you can use your own roles. Choose “avrhcin” as subaccount and “[xxxx]iflmap” as application to be able to choose your own roles in the Assign roles to user-view.


It is really that easy. You only have to know how to get to the management view, which is a bit hidden. But if you manage to get there you can create your own roles within minutes.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Anand Patil
      Anand Patil

      Nice one. Thanks. I will try this out.


      Author's profile photo Saurabh Saxena
      Saurabh Saxena

      which API should we use to fetch the same role and its respective users?