The user management for the SAP NetWeaver Development Infrastructure (NWDI) with Design Time Repository, Change Management Service and Component Build Service uses the User Management Engine (UME). The UME provides different ways of storing user data.
The figure below shows how the NWDI uses UME.
For more information, see Permissions, Actions, and UME Roles.
To use the UME, select a storage location for the user data.
You can use the groups NWDI.Developer and NWDI.Administrators to grant the relevant permissions.
You also need a user for the CMS. The CMS uses this user to perform all actions in the DTR, CBS, and SLD that are required for the configuration of the NWDI and the CMS itself.
We recommend that you call this user CMSadm. It must be assigned to the NWDI.Administrators group.
For details about other authorizations that are not in the category Administrator or Developer (such as Quality Manager), see the following:
● Roles in the Change Management Service
● Roles in the Component Build Service
For information about how to give specific developers access to specific workspaces and resources in the DTR, see User Authentication and Authorization in the Design Time Repository.
...
For information about how to start the UME, see User Administration Console.
For a description of how to assign users to groups, see Creating Users and Assigning Groups.
If the users are imported from a central ABAP-based system, you do not have to create them in the user administration front end of the AS Java. If you want to assign users to a specific UME role, you have to do this yourself.
For an example of how to assign user groups to UME roles, see the Installation Guide. For more information, see UME Properties for an AS ABAP Data Source.
You can also store user data in an LDAP system. For more information, see LDAP Directory as Data Source.
In LDAP systems, names of users and groups are unique only in the context of the hierarchy. As a basis for assigning authorizations in the DTR, the name alone is therefore not sufficient. For this reason, a concept for unique IDs exists, which are used in the DTR in place of the names. For more information, see Granting Privileges.
The table below shows the minimum requirements concerning roles and actions for the development with the NWDI. The role and group names are examples.
Roles and Actions Required for the Development with the Entire NWDI
UME Group |
UME Role |
UME Action |
NWDI.Administrators |
NWDI.Administrator |
CBS.Administrator CMS.Administrate |
NWDI.Developers |
NWDI.Developer |
CBS.Developer CMS.Display CMS.ExportOwn |
To allow communication with the SLD, you must additionally assign the UME groups to the following security roles in the AS Java:
■ Administrators need the security role LcrInstanceWriterAll.
■ Developers need the security role LcrInstanceWriterNR.
It can take a while before you can start working with the user you just created. This depends on the UME cache.
If you are using CM Services instead of CMS, see Using Change Management Services for the parts that concern CM Services. UME configuration for DTR, CBS and SLD is still required.