Show TOC

 Configuration of User and Role AdministrationLocate this document in the navigation structure

When considering user and role administration in a system there are a number of tasks associated with the configuration of the system, both during the initial installation and during the life cycle of the system.

  • First installation procedure

    Before you use SAP NetWeaver Application Server (SAP NetWeaver AS) ABAP productively, you must fulfill the prerequisites for administering users.

    • Setting up user and authorization administrators

      Divide the user administration tasks among a number of administrators to ensure task separation when assigning authorizations.

    • Setting up the role administration tool

      Set up of the role administration tool and decide how to handle authorization checks.

    • Logon and password security on SAP NetWeaver Application Server for ABAP

      Configure the password rules, the logon and password profile parameters, security policy, and the customizing switches for generated passwords.

    • Rules for user names

      Set the rules that eliminate undesirable results from the unrestricted use of Unicode characters for user IDs.

    • Protecting special users

      Protect default users from misuse.

    • Security in system groups

      Setting up authorizations requires you to consider the system group: development, test, and production systems.

  • Role administration

    Role administration encompasses the functions are available for role and authorization administration and the indirect assignment of roles using the organizational structure.

  • Central User Administration (CUA)

    Using Central User Administration, you can maintain user master records centrally in one system. Changes to the information are then automatically distributed to the child systems. This means that you have an overview in the central system of all user data in the entire system landscape.

  • Central repository for personalization data

    The purpose of a central repository for personalization data is to provide storage for user-specific and role-specific data without having to create any additional database tables. This data should be taken into consideration whenever users or roles are changed.

  • Directory services

    With directory services, various applications in the IT landscape can access common information at a central location.

  • Central repository for personalization data

    Enable role administration with the profile generator and do general post processing when upgrading.

  • Customizing scenario-based authorizations

    Enable alternative authorization scenarios delivered for applications.

Related Information