UME Action ID

Description

UME.Manage_All

Provides permissions required by an overall user administrator. These include:

·        Administration of users belonging to any company and possibility of assigning users to companies

·        Group management

·        Role assignment

·        User mapping

·        Import and export of user data

·        Manual replication of user data

To set up delegated user administration, overall user administrators must belong to a role to which the UME.Manage_All action is assigned.

In portal installations, any role that includes the UME.Manage_All action automatically has Role Assigner permissions on all portal roles in the portal installation.

UME.AclSuperUser

(Relevant for SAP Enterprise Portal only.)

Provides Owner permissions on all objects in the Portal Content Catalog. It is not possible to remove this permission in the permission editor. This action is designed for super administrators.

This action should be used very restrictively as it provides extensive permissions on portal content. It should only be assigned to the Super Administration role in the portal. It should not be assigned to any other roles.

UME.Manage_Users

Provides permissions to administrate users belonging to the same company as the administrator (search, create, modify, delete, lock, unlock, reset password, approve new user requests).

To set up delegated user administration, delegated user administrators must belong to a role to which the UME.Manage_Users action is assigned.

UME.Manage_Groups

Provides permissions to view, add, modify, and delete groups and to assign users and groups to groups. Administrators can only assign users belonging to the same company as them.

UME.Manage_Roles

(Not relevant for SAP Enterprise Portal.)

Provides permissions to view, add, modify, and delete UME roles, and to assign users and groups to UME roles.

Be careful to whom you assign this action. Users with this action can assign themselves the Administrator role which gives them full administrator rights on the J2EE Engine. In particular, DO NOT assign this action to delegated user administrators.

UME.Manage_All_Companies

Acts as an extension of UME actions so that they apply to users of all companies. For example, the action UME.Manage_Users provides permissions to administrate users belonging to the same company as the administrator. By additionally adding the action UME.Manage_All_Companies, the administrator has permissions to administrate users of all companies.

UME.Sync_Admin

Provides permissions to perform user replication using the user management administration console.

UME.Batch_Admin

Provides permissions to import and export users and groups using the user management administration console. Administrators can only import and export users belonging to the same company as them.

UME.Manage_My_Profile

Provides users with permissions to display and change their own personal user profile.

If the UME property ume.admin.allow_selfmanagement is set to true, this permission is not checked.