Configuring Delegated User Administration Using Companies
Context
Delegated user administration enables you to distribute user administration between several administrators so that each administrator is responsible for a particular set of users. For example, you can designate one user administrator for each business area in your company. Each user administrator can only create, modify, and delete users in the business area that he or she is responsible for.
Procedure
- Configure the user management engine (UME) to support companies.
  - If your data source is SAP NetWeaver Application Server (AS) ABAP, the UME automatically reads the user groups of the AS ABAP and implements them as companies in the AS Java.
    To manage ABAP groups on the AS ABAP, use transaction SUGR.
  - If your data source is the database of the AS Java or an LDAP directory, you must set the required UME properties.
    For more information, see Editing UME Properties.
    You must always set the UME property ume.tpd.companies.
    - To configure one company and guest users, set ume.tpd.companies=1.
      This setting allows for self-registration and an approval process. All approved users belong to the same company. Guest users are users who do not belong to the company or are awaiting approval.
    - To configure the companies internal and external and guest users, set ume.tpd.companies=2. To configure companies with names of your choice and guest users, set ume.tpd.companies=<list of companies>. Separate company names with commas (,).
      This setting allows for self-registration and an approval process. All approved users belong to a company. Guest users are users who do not belong to a company or are awaiting approval. Use this configuration to allow external users, such as suppliers, limited access.
- Determine if you want the company groups to appear in the UME display.
  For more information, see Company Group.
  To show company groups, set the following UME properties:
  - ume.company_groups.enabled=TRUE
  - ume.company_groups.guestusercompany.enabled=TRUE
- Create one or more delegated user administrators for each company.
  To define a delegated user administrator:
  - Either move an existing administrator to the company or create a new administrator in the company.
  - Assign delegated user administrators to delegated user administration roles.
    - If you are setting up delegated user administration in the portal, use the portal role called Delegated User Admin with the ID pcd:portal_content/administrator/user_admin/delegated_user_admin_role.
    - Otherwise assign a role with company-specific UME actions.
- Assign users to companies using the following methods:
  - In the role of overall user administrator, create new users in companies and move existing users into companies.
  - Enable users to request membership in a company during self-registration. Delegated user administrators must approve the requests.
  - In the role of overall user administrator, import new users and use the org_id attribute to assign a company.
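A pre-import check for the procedure above, as an added example that is not SAP code: it reads the ume.tpd.companies setting and flags import records whose org_id would not place the user in a configured company, so they can be reviewed before import. The function names are hypothetical, and it assumes the properties are written out as key=value lines, the import records are already parsed into dictionaries, and company names are compared by exact match.

```python
# Added example; parse_props, company_model and check_org_ids are hypothetical names.
def parse_props(text):
    """Parse key=value lines (written the way the procedure shows them) into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def company_model(props):
    """Return (mode, company_names, findings) for ume.tpd.companies."""
    raw = props.get("ume.tpd.companies", "")
    if not raw:
        return "unset", [], ["ume.tpd.companies is not set; it must always be set"]
    if raw == "1":
        return "single", [], []             # one company plus guest users
    if raw == "2":
        return "internal_external", [], []  # internal, external plus guest users
    parts = [p.strip() for p in raw.split(",")]
    names = [p for p in parts if p]
    findings = []
    if len(names) != len(parts):
        findings.append("empty company name in list")
    if len(set(names)) != len(names):
        findings.append("duplicate company name in list")
    return "named", names, findings

def check_org_ids(names, users):
    """Return (uids with an org_id not in names, uids with no org_id)."""
    unknown = [u["uid"] for u in users if u.get("org_id") and u["org_id"] not in names]
    unassigned = [u["uid"] for u in users if not u.get("org_id")]
    return unknown, unassigned

# Constructed sample input, not taken from a real system.
SAMPLE_PROPS = "ume.tpd.companies= Sales, Suppliers,\nume.company_groups.enabled= TRUE\n"
SAMPLE_USERS = [
    {"uid": "jdoe", "org_id": "Sales"},
    {"uid": "vendor1", "org_id": "Supplier"},  # misspelled: not a configured company
    {"uid": "temp7"},                          # no org_id: belongs to no company
]

if __name__ == "__main__":
    mode, names, findings = company_model(parse_props(SAMPLE_PROPS))
    print(mode, names, findings)
    print(check_org_ids(names, SAMPLE_USERS))
```

The org_id check applies only to the named-company mode, because the page does not state which org_id values correspond to the settings 1 and 2.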