Show TOC Start of Content Area

Procedure documentation Configuring the NWDI User Management  Locate the document in its SAP Library structure

The user management for the SAP NetWeaver Development Infrastructure (NWDI) with Design Time Repository, Change Management Service and Component Build Service uses the User Management Engine (UME). The UME provides different ways of storing user data.

The figure below shows how the NWDI uses UME.

This graphic is explained in the accompanying text

For more information, see Permissions, Actions, and UME Roles.

Using the User Management Engine

To use the UME, select a storage location for the user data.

Storing User Data in the Database of a AS Java

You can use the groups NWDI.Developer and NWDI.Administrators to grant the relevant permissions.

You also need a user for the CMS. The CMS uses this user to perform all actions in the DTR, CBS, and SLD that are required for the configuration of the NWDI and the CMS itself.

Recommendation

We recommend that you call this user CMSadm. It must be assigned to the NWDI.Administrators group.

For details about other authorizations that are not in the category Administrator or Developer (such as Quality Manager), see the following:

      Roles in the Change Management Service

      Roles in the Component Build Service

For information about how to give specific developers access to specific workspaces and resources in the DTR, see User Authentication and Authorization in the Design Time Repository.

Starting the User Management UI

...

For information about how to start the UME, see User Administration Console.

For a description of how to assign users to groups, see Creating Users and Assigning Groups.

Storing User Data in a Central ABAP-Based System

If the users are imported from a central ABAP-based system, you do not have to create them in the user administration front end of the AS Java. If you want to assign users to a specific UME role, you have to do this yourself.

Note

For an example of how to assign user groups to UME roles, see the Installation Guide. For more information, see UME Properties for an AS ABAP Data Source.

Storing User Data in an LDAP System

You can also store user data in an LDAP system. For more information, see LDAP Directory as Data Source.

Note

In LDAP systems, names of users and groups are unique only in the context of the hierarchy. As a basis for assigning authorizations in the DTR, the name alone is therefore not sufficient. For this reason, a concept for unique IDs exists, which are used in the DTR in place of the names. For more information, see Granting Privileges.

Required Roles and Actions

The table below shows the minimum requirements concerning roles and actions for the development with the NWDI. The role and group names are examples.

Roles and Actions Required for the Development with the Entire NWDI

UME Group

UME Role

UME Action

NWDI.Administrators

NWDI.Administrator

CBS.Administrator

CMS.Administrate

NWDI.Developers

NWDI.Developer

CBS.Developer

CMS.Display

CMS.ExportOwn

Note

To allow communication with the SLD, you must additionally assign the UME groups to the following security roles in the AS Java:

       Administrators need the security role LcrInstanceWriterAll.

       Developers need the security role LcrInstanceWriterNR.

It can take a while before you can start working with the user you just created. This depends on the UME cache.

Note

If you are using CM Services instead of CMS, see Using Change Management Services for the parts that concern CM Services. UME configuration for DTR, CBS and SLD is still required.

End of Content Area