User Management for Application Server Java 

Getting Started

The administrator user, created during installation, depends on the data source used by the user management engine (UME). To determine which administrator user you can log on with, see Standard Users.

The UME provides the user management functions for Java applications. To familiarize yourself with the UME, see User Management Engine.

Authorizations to use Java applications are either provided by J2EE security roles or by UME actions. To familiarize yourself with the concepts involved, see Security Roles and Permissions, Actions, and UME Roles.

Tools

You can use the following tools for user administration on the SAP NetWeaver Application Server for Java:

●      Identity Management (also known as the user administration console)

●      Security Provider service of the Visual Administrator

We recommend that you use identity management.

If you manage users across multiple SAP systems and even non-SAP systems, we recommend you use SAP NetWeaver Identity Management Identity Center.

For more information, see SAP NetWeaver Identity Management Identity Center.

Restrictions

The data source used by the UME imposes some restrictions on identity management. See the information relevant for your data source:

●      LDAP Directory as Data Source

●      SAP NetWeaver AS ABAP User Management as Data Source

Tasks on Demand

The table below shows tasks that you need to perform when required:

Reason	Task	More Information
Activate the emergency user (SAP*)	Activate the emergency user.	Use the emergency user if all administrator users are locked or you cannot log on to any applications because of incorrect configuration.
Create, modify, or delete users, groups, or UME roles.	Managing Users, Groups, and Roles.	We recommend that you do not delete users, rather lock the user and set the expiration date of the account. Only delete a user after a period of time in accordance with your local auditing regulations.
Lock or unlock users	Lock or unlock users using the UME administration console.	None
Setting, resetting, or disabling a user password.	Manage user passwords.	None
Assign users or groups to groups or UME roles	Assigning Principals to Roles or Groups.	None
Import user management data	See UME Object Data Import.	Use this function for mass operations.
Export user management data	See UME Object Data Export.	Integrated into identity management
Map J2EE security roles to users or groups	Map J2EE security roles to users or groups using the Visual Administrator.	None.
Manage resources	Manage resources using the Visual Administrator.	This enables you to allow or restrict user access to specific security-sensitive parts of the server.

Periodic Tasks

The table below shows tasks that you need to perform periodically:

Frequency	Task	Recommended Tool
Daily	Approve or reject newly registered users	Identity Management. This function is only available if you have set up user management accordingly. See Companies and Self-Registration with Approval.

 

See also:

If you have SAP NetWeaver Portal in your installation, you must also manage portal roles. For more information about portal roles, see:

●      Creating and Changing Roles and Worksets

●      Role and User Distribution to the SAP System

●      Upload of Roles from ABAP-Based Systems