Setting General User Management and Security
Settings 
Use
In this step, you make central settings for user management and security in the Enterprise Portal. In particular, you:
· Define an overall configuration for user management and security in the portal: You can define more than one configuration. Each configuration is stored in the Microsoft Windows registry. If you are configuring the Unification Server, you can define a different configuration for each unifier project.
· Define a user ID and password with which an administrator can log on to the portal without being authenticated against the corporate LDAP directory. The very first time you log onto the portal to configure this setting, you log on with the admin user (user ID admin, password admin).
· Define a user for running the portal Web server (Microsoft Internet Information Server).
· Define the validity period of the SAP logon ticket that the Portal Server issues to each user when they have been successfully authenticated on the portal.
Procedure
...
1. Start the configuration tool by choosing System Configuration ® User Management Configuration.
If you are calling the configuration tool from the Unification Server, choose Unification Server ® <Unifier Project> ® User Management ® Security & Configuration
2. Choose the General Settings tab.
3. Define the name of your configuration, filling the fields as follows:
|
Field Name |
Field Data |
|
Current Host |
Name of host on which the registry containing the configuration is located. |
|
Current Config. |
Name of configuration currently in use. We recommend that you do not modify the default configuration, but instead create a new configuration by entering a configuration name in the Create New field and choosing Create. Each configuration is stored as a separate entry in the Microsoft Windows registry. You can also choose a previously defined configuration from the list. If you want to access a configuration on a remote host, enter the host name in the Current Host field. The configurations in the registry of that host will appear for selection.
The configuration name can only contain the characters 'A' to 'Z' and 'a' to 'z', the digits '0' to '9', and the '-' and '_' signs. Special characters are not supported. |
4. Define a user ID and password with which an administrator can log on to the portal without being authenticated against the corporate LDAP directory. Enter data in the fields as follows:
|
Field Name |
Field Data |
|
Super Admin Login |
User ID of administrator |
|
Super Admin Password |
Password of administrator |
|
Adminstrator's Role |
Role assigned to the administrator. The portal uses the role entered in this field to ascertain which users are administrators. Any users that have this role assigned to them are regarded as having administrator rights by the portal. |
Initially this is set to the user admin and password admin with the role portal_admin. It makes sense to change this default value, as the password is not very safe. See also SAP Note 509590.
5. In the NT User Impersonation group, define a user ID and password to be used for running the portal Web server (Microsoft Internet Information Server) process. The user must be an existing NT user with permissions to all portal and unifier resources, for example network access to required databases. The user ID must be entered as <domain>\<user>.
6. To define the validity period of SAP logon tickets, enter a value in the Logon Ticket Expiration field.
This value must have the syntax HH:MM, for example '8:30' for eight and a half hours, or '24' for twenty-four hours or '0:15' for fifteen minutes.
The default value for this setting is 8 hours.
7. If you wish to set up the portal for anonymous logon using guest users, select Use Guest List.
For more information on how to set up the portal for anonymous logon, see Anonymous Logon with Named Guest Users.
8. If you are using the configuration tool in the Unification Server, you can choose to Set Component Permissions. However, before you can do this, you must first configure the connection to the corporate LDAP directory on the Directory Server tab page.
By setting component permissions, you are granting all users in the corporate directory access to all components (info object in unifier project, for example a database table) on the Unification Server. By default, when a unifier project is created, access to components is denied to all users. Only when users have been granted access to the components, can you, the administrator, assign the appropriate permissions to each user for a component.
9. When you have filled all the fields, choose Apply.
You need to restart the portal Web server (Microsoft Internet Information Server) and the Java servlet engine for your changes to take effect. However, do not restart these until you have completed all the tabs of the configuration tool.