Use this procedure to change the data source of the user management engine (UME) to the user management of an Application Server (AS) ABAP. This enables you to make use of user data stored in the ABAP system.
Restart Required
This procedure requires you to restart the AS Java, so you should plan for the required downtime while the AS Java restarts.
AS ABAP Version
The AS ABAP must be SAP NetWeaver Application Server 6.20 SPS 38 and higher.
RFC Destinations
You must have configured a Remote Function Call (RFC) destination for the AS ABAP with the name UMEBackendConnection for the system user for UME-ABAP communication.
We recommend using the logon ID SAPJSF_ <SID>.
More information: Requirements for the System User for UME-ABAP Communication .
Optionally, you can configure an RFC destination for change operations (create, modify, and delete). Use this destination to enable the AS ABAP to log who changed ABAP user master data and to allow for granular control of authorizations for user modification. If you do not configure this destination, any changes to user master data using the UME are logged as changes made by the system user for UME-ABAP communication.
We recommend you use the name UMEBackendConnectionForChanges for the destination.
When configuring this destination you must do the following:
More information: Maintaining RFC Destinations .
Existing Users
Existing users in the AS Java database remain in the database after you configure the AS ABAP as the data source. When you log on to the AS Java, the UMEsearches both data sources simultaneously. Before you configure UME to use the AS ABAP as the data source, make sure the AS ABAP user management does not include any users with the same logon ID as users in the AS Java database. The UMErefuses to authenticate any user with a nonunique logon ID.
The guest user of the AS Java must not exist in the AS ABAP. If the guest user logon ID exists in both systems, the AS Java cannot start. The UME property ume.login.guest_user.uniqueids identifies the guest user.
Existing Groups
Existing groups in the AS Java database remain in the database after you configure the AS ABAP as the data source. Before you configure the UME to use the AS ABAP as the data source, use transaction PFCG to check that there is no ABAP role with the same name as a group in the AS Java database.
More information: Configuring User Management .
If the test fails, check your connection parameters.
The UME uses the AS ABAP as the data source.
More information: User Management of Application Server ABAP as Data Source .
We recommend that you configure SNC between the AS Java and the AS ABAP.
More information:
If you AS ABAP synchronizes with an LDAP directory, you can configure the UMEfor authentication with the LDAP directory.
More information: Configuring the UME for Directory Service Sync with AS ABAP .