When considering user and role administration in a system there are a number of tasks associated with the configuration of the system, both during the initial installation and during the life cycle of the system.
First installation procedure
Before you use SAP NetWeaver Application Server (SAP NetWeaver AS) ABAP productively, you must fulfill the prerequisites for administering users.
Setting up user and authorization administrators
Divide the user administration tasks among a number of administrators to ensure task separation when assigning authorizations.
Setting up the role administration tool
Set up of the role administration tool and decide how to handle authorization checks.
Logon and password security on SAP NetWeaver Application Server for ABAP
Configure the password rules, the logon and password profile parameters, security policy, and the customizing switches for generated passwords.
Rules for user names
Set the rules that eliminate undesirable results from the unrestricted use of Unicode characters for user IDs.
Protecting special users
Protect default users from misuse.
Security in system groups
Setting up authorizations requires you to consider the system group: development, test, and production systems.
Role administration
Role administration encompasses the functions are available for role and authorization administration and the indirect assignment of roles using the organizational structure.
Central User Administration (CUA)
Using Central User Administration, you can maintain user master records centrally in one system. Changes to the information are then automatically distributed to the child systems. This means that you have an overview in the central system of all user data in the entire system landscape.
Central repository for personalization data
The purpose of a central repository for personalization data is to provide storage for user-specific and role-specific data without having to create any additional database tables. This data should be taken into consideration whenever users or roles are changed.
Directory services
With directory services, various applications in the IT landscape can access common information at a central location.
Central repository for personalization data
Enable role administration with the profile generator and do general post processing when upgrading.
Customizing scenario-based authorizations
Enable alternative authorization scenarios delivered for applications.