Show TOC

Adding User Management Functions to ApplicationsLocate this document in the navigation structure

Use

Purpose

SAP NetWeaver Application Server (AS) Java relies on the user management engine (UME) service for user management. Use the UME API to perform user management tasks such as:

  • Reading user attributes

  • Determine membership of groups and roles

  • Manage user profile data such as address, name, or custom attributes

The search and attribute reading functions are not strictly user management functions, but part of the UME API and described here.

When Should You Use the UME API?

Use the UME API whenever you need to perform user management functions programmatically. Only use the UME API when the standard tools delivered with the AS Java do not meet your needs.

What Restrictions Apply to Adding User Management Functions to Applications?

Caution

Any time you develop an application that uses the UME API, you must ensure that you require sufficient authorizations to protect it. You do not want to develop an application that enables hackers or malicious users to create their own users on your systems and assign themselves critical privileges either through group or role assignment.

The UME is an abstraction layer over different sources of user management data. It provides a single transparent view of disparate data sources. Typical configurations of data sources for the distribution of user management data include the following:

  • Database of the AS Java

  • Database of the AS Java and one or more LDAPs

  • Database of the AS Java and an AS ABAP

Depending on the configuration, specific attributes of a data source can be read-only or even the entire data source. Therefore you must make a design decision when you build these functions into your application.

  • Fit your application to a specific configuration

    Designing your application to fit a specific server configuration means that you already know exactly which attributes are read-only and which are not. You do not need to build any extra checks into your application. However, it does make the application less flexible. You must change the application before you can deploy it to server with a different configuration or if your system landscape changes.

  • Make your application universal

    Designing your application to fit all possible UME configurations means that you must add checks for read-only attributes and catch any resulting exceptions. However, it means you do not need to rewrite your application when your system landscape changes.

Prerequisites

Systems, applications, products, and authorizations

  • SAP NetWeaver Developer Studio

  • Access to AS Java

Knowledge

Sound knowledge of Java

More Information