Purpose
SAP NetWeaver Application Server (AS) Java relies on the user management engine (UME) service for user management. Use the UME API to perform user management tasks such as:
Reading user attributes
Determine membership of groups and roles
Manage user profile data such as address, name, or custom attributes
The search and attribute reading functions are not strictly user management functions, but part of the UME API and described here.
When Should You Use the UME API?
Use the UME API whenever you need to perform user management functions programmatically. Only use the UME API when the standard tools delivered with the AS Java do not meet your needs.
What Restrictions Apply to Adding User Management Functions to Applications?
Any time you develop an application that uses the UME API, you must ensure that you require sufficient authorizations to protect it. You do not want to develop an application that enables hackers or malicious users to create their own users on your systems and assign themselves critical privileges either through group or role assignment.
The UME is an abstraction layer over different sources of user management data. It provides a single transparent view of disparate data sources. Typical configurations of data sources for the distribution of user management data include the following:
Database of the AS Java
Database of the AS Java and one or more LDAPs
Database of the AS Java and an AS ABAP
Depending on the configuration, specific attributes of a data source can be read-only or even the entire data source. Therefore you must make a design decision when you build these functions into your application.
Fit your application to a specific configuration
Designing your application to fit a specific server configuration means that you already know exactly which attributes are read-only and which are not. You do not need to build any extra checks into your application. However, it does make the application less flexible. You must change the application before you can deploy it to server with a different configuration or if your system landscape changes.
Make your application universal
Designing your application to fit all possible UME configurations means that you must add checks for read-only attributes and catch any resulting exceptions. However, it means you do not need to rewrite your application when your system landscape changes.
Prerequisites
Systems, applications, products, and authorizations |
|
Knowledge |
Sound knowledge of Java |
More Information
SAP Help Portal: User Management of the Application Server Java