Identity Management
SAP systems within the SAP NetWeaver platform perform authorizations using a role-based identity management approach. This means that you assign authorizations to users based on the job they perform using the particular system.
The tools available for performing identity management functions depend on the type of installation you have. These tools and functions are described in the following sections:
· Users and Roles (BC-SEC-USR)
In this section, we describe the authorization concept and the corresponding tools that are available for identity management with the SAP Web AS ABAP:
    · User maintenance (transaction SU01)
    · Mass changes in user maintenance (transaction SU10)
    · Role and authorization maintenance (transaction PFCG)
    · Central User Administration (CUA)
    · User Information System (transaction SUIM)
In this section, we describe the authorization concept and the corresponding tools available with the User Management Engine (UME), which is the identity management provider for the SAP Web AS Java. The user management concept and the maintenance functions are also described.
· Users and Authorizations on the SAP Web AS Java
The SAP Web AS Java also supports the use of J2EE security roles and role references in parallel with the UME authorization concept. This section describes how these concepts are integrated with the SAP Web AS Java server. It also describes how to use the access control lists under resource management to protect access to server resources.
· Directory Services (BC-SEC-DIR)
This section describes how to synchronize identity management in the SAP Web AS ABAP with identity management that uses directory services.
· Using Security Roles or UME Permissions in Applications
This section describes how to use J2EE security roles or UME permissions and UME actions to protect access to your applications.
