Identity Management |
Identity Management for System Landscapes |
SAP Identity Management |
Integration of User Management in Your System Landscape |
Adding an ABAP System to Your System Landscape |
Adding an AS Java System to Your System Landscape |
Administration of User Data |
Integrated Role and User Administration |
Using ABAP-Centered Role Administration |
Using Portal-Centered Role Administration |
Using ABAP-Centered Role Assignment |
Using the Portal-Centered Role Assignment |
User and Role Administration of Application Server ABAP |
AS ABAP Authorization Concept |
Organizing Authorization Administration |
Assigning Authorizations |
From the Programmed Authorization Check to a Role |
Editing Authorization Default Data (Development System) |
Editing Authorization Default Data (Customer System) |
Maintaining Authorizations in SAP Example Roles |
Maintaining Authorizations in Roles for Productive Use |
Trace for Authorization Checks |
Maintaining Authorization Default Values Using Trace Evaluation in Transaction SU22 or SU24 |
Maintaining Authorization Fields Using Trace Evaluation in Transaction PFCG |
Maintaining Role Menus Using Trace Evaluation in Transaction PFCG |
Using the System Trace to Record Authorization Checks (Transaction STAUTHTRACE) |
Glossary |
Configuration of User and Role Administration |
First Installation Procedure |
Setting Up User and Authorization Administrators |
Configuring User Group as Required for User Master Records |
Interaction of Required User Groups and Central User Administration |
Enabling Movement Activity for S_USER_GRP |
Setting Up the Role Administration Tool |
Defining the Scope of Authorization Checks |
Preparatory Steps |
Globally Deactivating Authorization Checks |
Reducing Authorization Checks in Applications |
Searching for Deactivated Authority Checks |
Editing Templates for General Authorizations |
Check Indicators |
Logon and Password Security in SAP NetWeaver Application Server ABAP |
Implementation of Password and Logon Protection with Security Policies and Profile Parameters |
Password Hash |
Initial Password |
Password Checks |
Password Rules |
Profile Parameters for Logon and Password (Login Parameters) |
List of Customizing Switches for Generated Passwords |
Security Policy Attributes for Logon and Passwords |
Defining Security Policies |
Rules for User Names |
Protecting Special Users |
Securing User SAP* Against Misuse |
Securing User DDIC Against Misuse |
Security in System Groups |
Role Administration |
Role Administration Functions |
Changing Standard Roles |
Creating Single Roles |
Role Menu |
Merge Function for the Authorization Data of PFCG Roles |
Editing Predefined Authorizations |
Symbols and Status Text in Authorization Administration |
Copying Authorizations From Templates |
Assign User |
Assign MiniApps |
Personalization Tab Page |
Creating Derived Roles and Copying Authorizations |
Authorization Checks when Adjusting Derived Roles |
Comparing and Adjusting Role Menus |
Creating Composite Roles |
Generating Authorization Profiles |
Regenerate the Authorization Profile Following Changes |
Performing a Mass Generation of Profiles |
Transporting Authorization Components |
Transporting and Distributing Roles |
Transporting Manually-Created Profiles |
Transporting Manually-Created Authorizations |
Transporting Check Indicators and Field Values |
Loading or Storing Check Indicators and Authorization Default Values |
Transporting Templates |
Analyzing Authorization Checks |
Analyzing Authorizations Using the System Trace |
Authorization Error Analysis Functions |
Indirect Role Assignment Using Organizational Management (OM) |
Assigning a Role Indirectly |
Indirect Role Assignment in a System Landscape |
Distribution of the Organizational Management Model |
Creating an Organizational Management Distribution Model in the Sending System |
Generating Partner Profiles of the OM Distribution Model |
Creating an Outbound Filter with Customer Exit |
Activating Change Pointers |
Writing Change Pointers for Infotype 0105 |
Distributing the Organizational Management Model (Initial Distribution) |
Distributing Changes to the Organizational Management Model |
Central User Administration |
Setting Up Central User Administration |
Creating an Administration User |
Setting Up Logical Systems |
Defining/Setting Up a Logical System |
Assigning a Logical System to a Client |
System Users and RFC Destinations |
Defining Authorizations for System Users |
Determining Existing RFC Destinations and System Users |
Creating System Users |
Creating an RFC Destination for the Target System |
System Users and RFC Destinations with Trusted Systems |
Creating RFC Destinations for the Target System with a Trusted System |
Advantages and Disadvantages of Trusted RFC Destinations |
Creating the Central User Administration |
Set Up Field Distribution Parameters |
Synchronizing and Distributing Company Addresses |
Synchronizing User Groups |
Transferring Users from New Systems |
Displaying and Processing Distribution Logs |
Error Analysis in Central User Administration |
Checking the Setup of Central User Administration |
Avoiding Termination when Saving the System Landscape |
Creating an ALE Model Including Partner Profiles Manually |
Creating the ALE Distribution Model |
Generating Partner Profiles |
Checking Partner Profiles |
Correcting Errors in Partner Profiles |
Distributing the Model View |
Other Error Sources |
Activated Background Processing |
Changing Partner Profiles with Active Background Processing |
Creating a Background User |
Removing Central User Administration |
Removing a Child System from Central User Administration |
Removing Central User Administration Completely |
Glossary |
Application Link Enabling (ALE) |
ALE Landscape |
ALE Integrated System |
User Master Record |
Authorization |
Authorization Profile |
Background Processing |
IDoc |
System User |
Logical System |
Partner Profile |
Profile |
Profile Generator |
Remote Function Call (RFC) |
Role |
Child System |
Distribution Model |
Central User Administration (CUA) |
Central System |
DBMS User Management |
Configuring DBMS User Management for SAP HANA |
Central Repository for Personalization Data |
Using the Generic Storage Table |
Implementing a Dialog |
Integrating External Tables |
Registering Personalization Objects |
Directory Services |
LDAP Connector |
Maintaining the Directory Server |
Configuring the LDAP Connector |
Configuring Connection Data for the Directory Service |
Defining the System User of the Directory Service |
LDAP Connector Interface |
Logging On to the Directory Service |
Calling LDAP Protocol Functions |
Synchronization of SAP User Administration with an LDAP-Compatible Directory Service |
Mapping SAP Data Fields to Directory Attributes |
Mapping and Synchronization Process |
Schema Extension |
Generating a Schema Extension |
Mapping SAP Data Fields to Directory Attributes |
Mapping with a Function Module (Linking Type) |
Mapping Indicator Versus Synchronization Indicator |
Setting Mapping Indicators |
Setting Synchronization Indicators |
Preparing and Starting Synchronization |
Synchronization Report RSLDAPSYNC_USER: Examples |
Administering the Synchronization Log |
Checking for Changes in Authorizations After Upgrades |
Generated Role SAP_NEW |
Migrating Report Trees |
Customizing Scenario-Based Authorizations |
Scenario-Based Authorization Checks |
Transporting Active Scenarios to Follow-On Systems |
Saving Scenarios to the Local File System |
Uploading Active Scenarios to SAP NetWeaver Application Server ABAP |
Checking the Consistency of Active Scenarios |
Displaying an Overview of Scenarios |
Administration of Users and Roles |
User Administration |
User Administration Functions |
Creating and Editing User Master Records |
Logon Data Tab |
Password Status |
Assigning Security Policies to Users |
DBMS Tab |
SNC Tab Page |
Roles Tab Page |
Profiles Tab |
Groups Tab Page |
Personalization Tab Page |
Licence Data Tab Page |
Copying Users |
Personalizing Users or Roles |
Changing the Standard Company Address |
Assigning Roles |
Assign a Standard Role to a User |
Mass Changes |
Logging Off Inactive Users |
Editing User Defaults and Options |
Comparing User Master Records |
Creating and Editing Internet Users |
User Administration with DBMS User Management |
Changes in Behavior When DBMS User Management is Active |
Password Management with DBMS User Management |
Constraints in DBMS User Management |
Removing Inconsistent Mappings in DBMS User Management |
Mass Maintenance with DBMS User Management |
Maintaining User Mappings of Many DBMS Users |
Maintaining Role Assignments for Many DBMS Users |
Operating Central User Administration |
User Administration with Active Central User Administration |
Assigning Passwords with Active Central User Administration |
Sending User Master Data to a Child System |
Performing a Text Comparison with Target System Specification |
Displaying Change Documents for Security Policies |
User Information System |
Determining Users with the Users Node |
Determining Cross-System Information |
Users by Complex Selection Criteria (RSUSR002) |
By Logon Date and Password Change (RSUSR200) |
With Critical Authorizations (RSUSR008_009_NEW) |
Analyzing Users with Critical Authorizations |
Analyzing Users with Critical Combinations of Authorizations |
Additional Selection Criteria |
Evaluation of the Result List |
Examples of Using Critical Authorizations and Combinations |
Determining Roles, Profiles, Authorizations, and Authorization Objects |
Determining Transactions (RSUSR010) |
Comparing Cross-System Users, Authorizations, Roles, and Profiles (RSUSR050) |
Creating Where-Used Lists in the User Information System |
Creating Where-Used Lists for Roles (RSUSR002) |
Creating Where-Used Lists for Profiles (RSUSR002) |
Creating Where-Used Lists for Authorizations (RSUSR002) |
Creating Where-Used Lists for Authorization Values (RSUSR002) |
Creating Where-Used Lists for Authorization Objects (RSUSR002) |
Determining Change Documents |
Displaying Change Documents for Users |
Displaying Change Documents for Role Assignments |
Displaying Change Documents for Roles |
Displaying Change Documents for Profiles |
Displaying Change Documents for Authorizations |
Displaying Change Documents for Authorization Defaults |
Displaying Change Documents for Security Policies |
Displaying Change Documents for CUA Configurations |
Creating a User-Specific Result List |
Troubleshooting |
Cleaning Up User Tables |
Reference Documentation for User and Role Administration |
Authorization Objects Checked in Role Administration |
Role Administration: Example |
Role Administration: Tips and Tricks |
Creating Roles |
Organization Without the Profile Generator |
Creating and Maintaining Authorizations/Profiles Manually |
Line-Oriented Authorizations |
Administration Tasks |
Maintaining Authorization Profiles |
Einzel- und Sammelprofile |
Defining Profiles and Authorizations |
Alternative Authorizations |
Choosing Authorization Objects |
Maintaining Composite Profiles |
Activate Profiles |
Naming Convention for Predefined Profiles |
Maintaining Authorizations and Their Values |
Special Authorizations Requiring Protective Measures |
Authorization Profile SAP_ALL |
Generated Role SAP_APP |
Developer Documentation for User and Role Administration |
Authorization Checks |
Authorization Checks in Your Own Developments |
Creating Authorization Fields |
Assigning an Authorization Object to an Object Class |
Programming Authorization Checks |
Transporting Authorization Objects and Classes |
Programmatically Checking Passwords Against the Password Rules |
Performing Authorization Checks Based on Scenarios |
Creating Scenario Definitions for Authorization Checks |
Activating Scenarios for Testing |
Automatically Adding Authorization Objects to Scenarios |
Manually Adding Authorization Objects to Scenarios |
Transporting Scenarios Definitions |
Switchable Authorization Check Framework Overview |
Authorizations Required For Scenario-Based Authorizations |
User Management of the Application Server Java |
User Management Engine |
Authorization Concept of the AS Java |
Architecture of Security Roles |
Permissions, Actions, and UMERoles |
Integration of UMERoles with ABAP Roles |
Configuring User Management |
First Steps in User Management |
UMEData Sources |
Selecting the UMEData Source |
Database Only as Data Source |
LDAP Directory as Data Source |
Organization of Users and Groups in LDAP Directory |
Configuring the UME to Use an LDAP Directory as Data Source |
Configuring High Availability of the LDAP Data Source |
UME Connection Pool for LDAP Directory |
Customizing a UME Data Source Configuration |
Accessing Data Source Configuration Files Offline |
Accessing Data Source Configuration Files Online |
Data Source Types |
Home Data Source |
Data Partitioning Scenarios |
Namespaces |
Structure of a Data Source Configuration File |
<dataSources> |
<homeFor> and <notHomeFor> |
<responsibleFor> and <notResponsibleFor> |
<attributeMapping> |
<privateSection> |
Examples of Data Source Configuration Files |
Example: Attribute Mapping for Client Certificates |
Example: Attribute Mapping for Custom Attributes |
Example: Configuration of Multiple LDAP Data Sources |
Example: Attribute-Based Data Partitioning |
Example: Type-Based Data Partitioning |
Example: User-Based Data Partitioning |
Example: Multiple Object Classes for a Principal Type |
Example: Negative User Filter |
Example: Self-Managed Passwords |
Example: User Mapping with LDAP and Tickets |
User Management of Application Server ABAP as Data Source |
Constraints for UMEwith ABAP Data Source |
Constraints for the UME and Central User Administration |
Data Source Configuration Files |
Configuring the UME to Use an AS ABAP as Data Source |
Configuring the UMEto Use the Current User for Change Operations |
Changing the AS ABAP Back-End System for the UME |
Changing the ABAP Client for the UME After a Client Copy |
Changing the Password of the User for UME-ABAP Communication |
Requirements for the System User for UME-ABAP Communication |
Configuring the UMEfor Directory Service Sync with AS ABAP |
Customizing a Directory Service Configuration File |
Editing UME Properties |
Editing UME Properties Online |
Editing UME Properties Offline |
Configuring the Security Policy for User IDs and Passwords |
Global Properties for Security Policies |
Integration of the UME Security Policy With External Data Sources |
Default Security Policy Profiles |
Notification by E-Mail |
Configuring E-Mail Notification |
Changing the Texts of Notification E-Mails |
Configuring Self-Registration |
Configuring Self-Management |
Enabling Users to Reset Their Own Password |
Configuring Logon Help |
Configuring the Logon Screen |
Configuring Delegated User Administration Using Companies |
Companies |
Company Group |
Companies and Self-Registration with Approval |
Disabling Companies for an ABAP Data Source |
Types of User Administrator |
Configuring Virtual Groups |
Allowing Users to View the Contact Information of Other Users |
Adding Custom Attributes to the User Profile |
Additional Configuration Options |
Configuring Users' Display Name |
Configuring Groups' Name, Display Name, and Description |
Configuring Simple Search |
Configuring Search Options for the UME |
Configuring the List of Available Languages |
Configuring E-Mail Signatures |
Enabling E-Mail Signatures |
Creating and Modifying Corporate Signatures |
Creating and Modifying Personalized Signatures |
Defining a Pattern for User E-Mail Addresses |
Optimizing Performance With the UME Cache |
Configuring the Notification of Failed Logon Attempts |
Administration of Users and Roles |
Identity Management |
UMEGroups |
User Profile |
Managing Users, Groups, and Roles |
Assigning Principals to Roles or Groups |
Segregation of Duties |
Password Management |
Locking or Unlocking Users |
Approving or Rejecting Users |
Creating a Technical User |
Changing the Logon Alias of Users |
Configuring User Mappings on the Behalf of Users |
Self-Registration |
Moving a User to Another Company |
Maintaining the User's Certificate Information |
Exporting User Management Data |
Importing User Management Data |
Monitoring the Performance of the UMECache |
Troubleshooting |
Activating the Emergency User |
Logging and Tracing |
Directory Server Access Log |
Directory Server Connection Pool Log |
Checking the Consistency of Entries in the UME Database |
Repairing Inconsistencies of Entries in the UME Database |
Refreshing the User Caches of the AS Java |
Downloading the UME Configuration |
Reference Documentation for User Management |
Logical Attributes |
Standard Users |
Default Security Policy Profiles |
Standard User Groups |
Standard UMERoles |
Standard UME Actions |
Standard Java EE Security Roles |
UMEProperties |
UMECache |
Import Format for UME Principals |
User Data Import Format |
Group Data Import Format |
Role Data Import Format |
Developer Documentation for User Management |