User Management

SAP Enterprise Portal uses the user management engine (UME) for user management. The UME can be configured to work with user management data from multiple data sources, for example, an LDAP directory, database of SAP NetWeaver Application Server (AS) Java, or AS ABAP system.

The UME is integrated as a service of the AS Java. Therefore you can use the user management tools of the AS Java to manage users.

For more information, see the following:

User Management Engine
Integration of User Management in Your System Landscape

User Management Tools

Tool	Description
Identity management	Enables you to manage users, groups, roles, and user-related data. It is available either as a standalone Web-based tool or as a series of iViews integrated in the User Administration role in the portal. Fo more information, see Identity Management .
User mapping function	Enables you to map users' portal user IDs and passwords to the corresponding user ID in systems connected to the portal to enable Single Sign-On (SSO). If you use SSO with logon tickets, you only need user mapping if the user IDs in the portal and back-end systems differ. Configuring user mapping between the portal and Business Server Page (BSP) systems exposes a security risk where the user ID and password is exposed in the HTTP header. You have the following options to eliminate this risk: Reconfigure the systems to use Single Sign-On with logon tickets. This requires that users have the same user ID in the portal as well as in the BSP systems. Upgrade the BSP system as described in SAP Note 904249. This enables the BSP system to support HTTP POST in combination with SSL. For more information, see Accessing Back-End Systems with a Different User ID .
Tool for distributing portal roles to ABAP systems	Role and User Distribution to the SAP System .
Tool for uploading objects such as roles and transactions from ABAP systems to the portal	Uploading Roles from Back-End Systems

Default Users

The portal uses the same administrator, guest, and emergency users as AS Java. It also uses the same communication users.

For more information, see Standard Users .

In addition, the portal uses the following internal service users. These users are all used internally in the portal and should not be deleted. However, if you do delete one of these users by mistake, the system automatically recreates the deleted user at the next startup of the portal.

User	Delivered?	Type	Detailed Description
pcd_service	Created during startup	Internal service user	User to authenticate against the Portal Content Directory (PCD) service, for example to create access control lists (ACLs).
config_fwk_service	Created during startup	Internal service user	User that the configuration service (a portal core application) uses to perform any configuration operation, such as deployment.
ume_service	Created during startup	Internal service user	User with extensive permissions that the UMEuses to request role data from the PCD.