Start of Content Area

Background documentation Users and Passwords  Locate the document in its SAP Library structure

You have to create users on the server in order to apply restriction over the activities that individual persons can perform using applications that run on the sever or to restrict access to the server itself or its resources.

Security Restrictions for Users

During the creation of a user (using Visual Administrator tool), you can apply different types of security restrictions. For example, you can enforce password changes for users after a specific number of days. In addition, you can lock or unlock users or set up a password policy.

You can also create other administrators on the server - that is users that have rights to create, remove or change the other users on the server, including the other administrators. Administrators do not have access or management restrictions on the server. They can perform management tasks for any resource on the server.

As for the application users - after or during the deployment of an application that have to contain users and groups, the system administrator or the deployer maps the users to security roles. That means that the administrator creates an association between a user that exists on the server and the user that is provided and must act as someone in the application.

Determining Initial Passwords

When creating users, you decide what the users’ passwords will be. You also determine the method used to communicate the initial password to the user. You have to be an administrator to be able to create users.

In addition, you can choose to assign a public-key certificate to the user. In this case, the user’s certificate must be located in the server’s Key Storage. For more information, see Managing Users in the Administration Manual.

Password Policies

You can specify a password policy for user ID and password based authentication. The policy rules supported depend on the user store that you use (UME or DBMS user store). For more information, see:

        UME: Security Policy in the UME Reference (Reference Manual)

        DBMS user store:  Managing Users (Administration Manual)

Storing User Passwords

The hash-code of passwords of the users from the user store of SAP J2EE Engine are stored in the active user store. The password for the administrator, which is used by certain applications to connect to the SAP J2EE Engine and perform certain tasks, is stored in the secure storage in the file system (see Storing the Password for the Administrator).



End of Content Area