When considering user and role administration in a system there are a number of tasks associated with the configuration of the system, both during the initial installation and during the life cycle of the system.
First installation procedure
Before you use SAP NetWeaver Application Server (SAP NetWeaver AS) ABAP productively, you must fulfill the prerequisites for administering users.
Setting up user and authorization administrators
Divide the user administration tasks among a number of administrators to ensure task separation when assigning authorizations.
Setting up the role administration tool
Set up of the role administration tool and decide how to handle authorization checks.
Logon and password security on SAP NetWeaver Application Server ABAP
Configure the password rules, the logon and password profile parameters, security policy, and the customizing switches for generated passwords.
Rules for user names
Set the rules that eliminate undesirable results from the unrestricted use of Unicode characters for user IDs.
Protecting special users
Protect default users from misuse.
Security in system groups
Setting up authorizations requires you to consider the system group: development, test, and production systems.
Role administration
Role administration encompasses the functions are available for role and authorization administration and the indirect assignment of roles using the organizational structure.
Central User Administration (CUA)
Using Central User Administration, you can maintain user master records centrally in one system. Changes to the information are then automatically distributed to the child systems. This means that you have an overview in the central system of all user data in the entire system landscape.
DBMS user management
Database management system (DBMS) user management enables SAP NetWeaver Application Server ABAP to manage users and their privileges on the DBMS.
Central repository for personalization data
The purpose of a central repository for personalization data is to provide storage for user-specific and role-specific data without having to create any additional database tables. This data should be taken into consideration whenever users or roles are changed.
Directory services
With directory services, various applications in the IT landscape can access common information at a central location.
Checking for changes in authorizations after upgrades
Enable role administration with the profile generator and do general post processing when upgrading.
Customizing scenario-based authorizations
Enable alternative authorization scenarios delivered for applications.