Assign ESBMessaging.send role

[ASRHARDING]

Tutorial URL: https://developers.sap.com/tutorials/cp-integration-create-basic-flow.html

Prerequisite: • You have assigned ESBMessaging.send role in the SAP Cloud Platform cockpit to the user that will be used for calling the flow.

According to SAP Help (https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/24585cc503334e6c917ef383efb5558a.html) this involves going to the subaccount and selecting Security > Authorisations.

I only have a trial account with the options of: Role Collections, Roles & Trust Configuration available.

How can I configure the ESBMessaging.send role for my user id?

Kind regards, Andrew

[ASRHARDING]

There appears to be now way for myself as a Public “P” user to set the ESBMessaging.send role, and this appears to by why I can't get Step 8 of the tutorial to send a SOAP message to work.

• Defining Permissions for Senders to Process Messages on a Runtime Node - in Cloud Foundry subaccount access Security > Authorizations to assign ESBMessaging.send role to a user ID Problem with this approach is the only options in my “P” trial account for Security are - Role Collections, Roles & Trust Configuration - there is no Authorizations tab - menu image in attached image file.

• Managing Custom Roles in the Cloud Foundry Environment - appears to provide a way of assigning the ESBMessaging.send role but encounter errors when opening the Roles tile, and when trying to add a role - internal server error & retry errors in attached image file

[ASRHARDING]

I have now found a way to do this as per instructions below. This should probably be included with the instructions for "Set Up Integration Suite Trial" - https://developers.sap.com/tutorials/cp-starter-isuite-onboard-subscribe.html

Step:

1. In Integration Suite select Security > Role Collections & click on “+” to add a role collection.
2. Enter a name, e.g. “Z-Integration-Messagingsend” & description (optional) then click on Create.
3. Scroll down and click on the new role, e.g. “Z-Integration-Messagingsend”
4. Click on Edit.
5. Click on “+” above Roles, & select MessagingSend from the dropdown list.
6. Click on “+” above Users, & enter your user trial account email address in the ID box.
7. Click on Save.

The MessagingSend role in Cloud Foundry appears to give your trial user id the ESBMessaging.send role. It is now possible to send requests to the iFlow from Postman that work, assuming you have the mailSender set up to work correctly.

[ASRHARDING]

Note the solution above was done with "Integration Suite", not the old "Process Integration" service. Regards, Andrew

[gauthamkrishna-sap]

Hi @ASRHARDING

The steps for old PI service has been captured in the process integration tutorial & referenced in the prerequisites. Thank you for your feedback.

Best Regards, Gautham

[MichaelCzcz]

Thank you for your feedback. The issue seems to be resolved, so I am closing the issue.

If you still have questions, feel free to reopen the issue.

[jmalla]

I have now found a way to do this as per instructions below. This should probably be included with the instructions for "Set Up Integration Suite Trial" - https://developers.sap.com/tutorials/cp-starter-isuite-onboard-subscribe.html

Step:

1. In Integration Suite select Security > Role Collections & click on “+” to add a role collection.
2. Enter a name, e.g. “Z-Integration-Messagingsend” & description (optional) then click on Create.
3. Scroll down and click on the new role, e.g. “Z-Integration-Messagingsend”
4. Click on Edit.
5. Click on “+” above Roles, & select MessagingSend from the dropdown list.
6. Click on “+” above Users, & enter your user trial account email address in the ID box.
7. Click on Save.

The MessagingSend role in Cloud Foundry appears to give your trial user id the ESBMessaging.send role. It is now possible to send requests to the iFlow from Postman that work, assuming you have the mailSender set up to work correctly.

I am having the same issue - I created a role collection and added the role "MessagingSend" but I still get the same error. Not sure what I am missing. These steps should be added to the tutorial.

• Jay

[Jens-Schwendemann]

I am having the same issue - I created a role collection and added the role "MessagingSend" but I still get the same error. Not sure what I am missing. These steps should be added to the tutorial.

For me not working, too. I even tried to create the user role "MessagingSend" in CI, but that isn't allowed. I tried with the S-User and the email address as user name.

Anyone got this working?

[ASRHARDING]

Jens The steps I listed above have been superseded by changes to SAP Integration Suite.

When I re-did SAP Integration Suite about a month ago, after I had deleted/re-instigated my account, "Step 5: Automatically assign roles and create service instances using Booster" of the tutorial "Set Up Integration Suite Trial" (https://developers.sap.com/tutorials/cp-starter-isuite-onboard-subscribe.html) created/assigned the role automatically.

Assuming you have done this tutorial on a recently instigated BTP trial account you should find the ESBmessaging role assignment in your trial subaccount, Services > Instances and Subscriptions. Click on the "1 key" link to the right of the default_it-rt_integration-flow instance, and you should see it towards the end of the credentials - see the attached images.

The role ESBmessaging is assigned to the default_it-rt_integration-flow instance, which you use the clientid as the username, and clientsecret as the password, when you try flows in Postman.

Hope that helps you resolve your issues. Andrew

[Jens-Schwendemann]

Thanks Andrew, but the steps you outlined basically lead to a "normal" Basic Auth User in Cloud Integration like so: https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/647eeb3eca5d4c299009cacd1332247e.html

However, I wanted to achieve something where I can authenticate with my S-User like so: https://help.sap.com/viewer/368c481cd6954bdfa5d0435479fd4eaf/Cloud/en-US/5d46e56550a048e99995f23e1e20083a.html

I understand that for the scope of the tutorial and BTP Trial it might just suffice with the first option. I'd however like to use my S-User in Postman especially to not need giving access to a (kinda critical) credential to all developers that need to do a once in a while test in Postman. They then should use their own S-User

Thanks again Jens

[ASRHARDING]

Hi Jens I have tried giving my user id access to call the integration endpoint, and assigned it the ESBmessaging role, to no avail. You can try asking the SAP Integration Community - you may find an answer already: https://answers.sap.com/index.html.

Basic Authentication is not meant to be used in production environments, in which case giving access to the a dev instance service key to a developer shouldn't result in access to anything critical. In production you are recommended to use Client Certificates or OAuth (which uses the clientid & clientsecret.

Sorry I don't have a definitive answer for you. Regards, Andrew