Configuring the UME to Use an AS ABAP as Data Source
Use this procedure to change the data source of the user management engine (UME) to the user management of an Application Server (AS) ABAP. This enables you to make use of user data stored in the ABAP system.
Restart Required
This procedure requires you to restart the AS Java, so you should plan for the required downtime while the AS Java restarts.
AS ABAP Version
The AS ABAP must be SAP NetWeaver Application Server 6.20 SPS 38 and higher.
RFC Destinations
You must have configured a Remote Function Call (RFC) destination for the AS ABAP with the name UMEBackendConnection for the system user for UME-ABAP communication.
We recommend using the logon ID SAPJSF_ <SID>.
More information: Requirements for the System User for UME-ABAP Communication .
Optionally, you can configure an RFC destination for change operations (create, modify, and delete). Use this destination to enable the AS ABAP to log who changed ABAP user master data and to allow for granular control of authorizations for user modification. If you do not configure this destination, any changes to user master data using the UME are logged as changes made by the system user for UME-ABAP communication.
We recommend you use the name UMEBackendConnectionForChanges for the destination.
When configuring this destination you must do the following:
- To enable the AS ABAP to make changes to ABAP user master data with the logon ID and authorizations of the current user, configure the destination to use Current User (Assertion Ticket) for authentication. Changes are then made with the logon ID and authorizations of the user currently logged on.
- Users who change ABAP user master data with the UMErequire sufficient RFC authorizations in the AS ABAP back-end system. Use the ABAP role SAP_BC_JSF_COMMUNICATION_NAMED to assign the required S_RFC authorization to all users, who change ABAP user master data using the UME.
More information: Maintaining RFC Destinations .
Existing Users
Existing users in the AS Java database remain in the database after you configure the AS ABAP as the data source. When you log on to the AS Java, the UMEsearches both data sources simultaneously. Before you configure UME to use the AS ABAP as the data source, make sure the AS ABAP user management does not include any users with the same logon ID as users in the AS Java database. The UMErefuses to authenticate any user with a nonunique logon ID.
The guest user of the AS Java must not exist in the AS ABAP. If the guest user logon ID exists in both systems, the AS Java cannot start. The UME property ume.login.guest_user.uniqueids identifies the guest user.
Existing Groups
Existing groups in the AS Java database remain in the database after you configure the AS ABAP as the data source. Before you configure the UME to use the AS ABAP as the data source, use transaction PFCG to check that there is no ABAP role with the same name as a group in the AS Java database.
- Start UME Configuration.
More information: Configuring User Management .
- Choose the Modify Configuration pushbutton.
- On the Data Sources tab page, select the data source ABAP System .
- On the ABAP Server tab page, enter the RFC destinations as required.
- Choose the Validate Configuration pushbutton.
If the test fails, check your connection parameters.
- Save your entries.
- Restart the AS Java.
The UME uses the AS ABAP as the data source.
More information: User Management of Application Server ABAP as Data Source .
We recommend that you configure SNC between the AS Java and the AS ABAP.
More information:
If you AS ABAP synchronizes with an LDAP directory, you can configure the UMEfor authentication with the LDAP directory.
More information: Configuring the UME for Directory Service Sync with AS ABAP .