Standard User Groups

All installations of SAP NetWeaver Application Server (AS) Java include a set of standard user groups. Some of these groups are defined during installation and some are built in to the system.

Group	AS ABAP Data Source	Database Data Source
Administrator user group This user group contains the default user administrator. Users in this group have wide-ranging administrative access to the AS Java.	SAP_J2EE_ADMIN This group represents an ABAP role in the AS ABAP	Administrators
Guest user group This group contains the default guest user.	SAP_J2EE_GUEST This group represents an ABAP role in the AS ABAP	Guests

Group

AS ABAP Data Source

Database Data Source

Administrator user group

This user group contains the default user administrator. Users in this group have wide-ranging administrative access to the AS Java.

SAP_J2EE_ADMIN

This group represents an ABAP role in the AS ABAP

Administrators

Guest user group

This group contains the default guest user.

SAP_J2EE_GUEST

This group represents an ABAP role in the AS ABAP

Guests

Built-In User Groups

Built-in user groups are groups that the user management engine (UME) determines dynamically at runtime. They are not defined in the user data source. The table below lists the built-in user groups.

Built-In User Groups

Group	Description
Authenticated Users	Contains all non anonymous users, that is, users that have to authenticate themselves on the AS Java.
Anonymous Users	Contains all named anonymous users that are listed in the `ume.login.guest_user.uniqueids` property in the UMEproperties.
Everyone (or all)	Contains all the users and groups on the server.

You can change the display names and descriptions of the built-in user groups with UME properties. Changing the display name of these groups has no effects on roles already assigned to these groups. You do not have to reassign the roles to the new names.

More information: Configuring Groups' Name, Display Name, and Description .

Caution

Note You should not create groups with the names of the groups: Everyone, Authenticated Users, and Anonymous Users. If you create a group with one of these names through the native user interface of your directory service or database, you do not receive an error message, however, your user management will no longer function correctly. If you try to create a group with one of these names through the user administration console, you get an error message.

If you have groups with these names in your LDAP directory, the UMEblocks reading them from the LDAP directory by default. The UME uses the configuration setting Unique Name of Blocked Groups to define which groups are blocked.

The Anonymous Users and the Authenticated Users are two mutually exclusive groups. All users belong to one of these two groups. The Everyone group includes all users. The following figure displays the relationship between the built-in user groups.

The Relation of Built-In User Groups