Configuring JDI User Management
The user management for the SAP
NetWeaver Java Development Infrastructure (JDI) with Design Time Repository,
Change Management Service and Component Build Service uses the
User Management Engine (UME). The UME provides different ways of
storing user data.
The figure below shows how the UMEis used in the SAP NetWeaver JDI.
In the User Management Engine, actions are assigned to roles, and to the roles, principals (users or groups) are assigned. For more information, see Permissions, Actions, and UME Roles.
Using the User Management Engine
To use the UME, select a storage location for the user data.
Storing User Data in the Database of a J2EE Engine
You can use groups such as JDI.Developers and JDI.Administrators to grant the relevant permissions.
For an example on configuring the user JDI of the SAP JDI using actions, roles and groups, see the Installation Guide of the JDI.
You also need a user for the CMS. The CMS needs this user to perform all actions in the DTR, CBS, and SLD that are required for the configuration of the JDI and for operating the CMS. This CMS user is not assigned to a real person.
We recommend that you call this user CMSadm. It must be assigned to the JDI.Administrators group.
For details about other authorizations that are not in the category Administrator or Developer (such as Quality Manager), see the following:
Roles in the Change Management Service
Roles in the Component Build Service
For information about how to give specific developers access to specific workspaces and resources in the DTR, see User Authentication and Authorization in the Design Time Repository.
Starting the User Management UI
...
1. To display the user administration front end of the J2EE Engine, start http://<host>:<port>/useradmin.
a. If you selected the Use the J2EE Database option when you installed the SAP Web AS 6.40 J2EE engine, the default administrator user is accepted when you log on.
b. If you selected the Use a Central ABAP System option, you specify the <user> (for example, J2EE_ADMIN) and <password> during the installation.
For a description of how to assign users to groups, see Creating Users and Assigning Groups.
Storing User Data in a Central ABAP-Based System
If the users are imported from a central ABAP-based system, you do not have to create them in the user administration front end of the J2EE Engine. If you want to assign users to a specific UMErole, you have to do this yourself.
For an example of how to assign
user groups to UME roles, see the Installation
Guide. For more information, see
SAP ABAP-Based System as Data
Source.
Storing User Data in an LDAP System
You can also store user data in
an LDAP system. For more information, see
LDAP Directory as Data
Source.
In LDAP systems, names of users and groups are unique only in the context of the hierarchy. As a basis for assigning authorizations in the DTR, the name alone is therefore not sufficient. For this reason, a concept for unique IDs exists, which are used in the DTR in place of the names. For more information, see Granting Privileges.
Required Roles and Actions
The table below shows the minimum requirements concerning roles and actions for the development with the SAP NetWeaver JDI. The role and group names are examples.
Roles and Actions Required for the Development with the Entire SAP NetWeaver JDI
In SAP NetWeaver 2004s, the JDI has been renamed as SAP NWDI (SAP NetWeaver Development Infrastructure). The names of the UME groups and roles already reflect this change.
UME Group |
UME Role |
UME Action |
NWDI.Administrators |
NWDI.Administrator |
CBS.Administrator CMS.Administrate |
NWDI.Developers |
NWDI.Developer |
CBS.Developer CMS.Display CMS.ExportOwn |
To allow communication with the SLD, you must additionally assign the UMEgroups to the following security roles in the J2EE engine:
· Administrators need the security role LcrInstanceWriterAll
· Developers need the security role LcrInstanceWriterNR
It can take a while before you can start working with the user you just created. This depends on the UMEcache.