Identity Management
Identity Management for System Landscapes
SAP Identity Management
Integration of User Management in Your System Landscape
Adding an ABAP System to Your System Landscape
Adding an AS Java System to Your System Landscape
Administration of User Data
Integrated Role and User Administration
Using ABAP-Centered Role Administration
Using Portal-Centered Role Administration
Using ABAP-Centered Role Assignment
Using the Portal-Centered Role Assignment
User and Role Administration of Application Server ABAP
User Management of SAP NetWeaver AS for Java
User Management Engine
Authorization Concept of SAP NetWeaver AS for Java
Architecture of Security Roles
Permissions, Actions, and UMERoles
Integration of UMERoles with ABAP Roles
Configuring User Management
First Steps in User Management
UMEData Sources
Selecting the UMEData Source
Database Only as Data Source
LDAP Directory as Data Source
Organization of Users and Groups in LDAP Directory
Configuring the UME to Use an LDAP Directory as Data Source
Configuring High Availability of the LDAP Data Source
UME Connection Pool for LDAP Directory
Customizing a UME Data Source Configuration
Accessing Data Source Configuration Files Offline
Accessing Data Source Configuration Files Online
Data Source Types
Home Data Source
Data Partitioning Scenarios
Namespaces
Structure of a Data Source Configuration File
<dataSources>
<homeFor> and <notHomeFor>
<responsibleFor> and <notResponsibleFor>
<attributeMapping>
<privateSection>
Examples of Data Source Configuration Files
Example: Attribute Mapping for Client Certificates
Example: Attribute Mapping for Custom Attributes
Example: Configuration of Multiple LDAP Data Sources
Example: Attribute-Based Data Partitioning
Example: Type-Based Data Partitioning
Example: User-Based Data Partitioning
Example: Multiple Object Classes for a Principal Type
Example: Negative User Filter
Example: Self-Managed Passwords
Example: User Mapping with LDAP and Tickets
User Management of Application Server ABAP as Data Source
Constraints for UMEwith ABAP Data Source
Constraints for the UME and Central User Administration
Data Source Configuration Files
Configuring the UME to Use an AS ABAP as Data Source
Configuring the UMEto Use the Current User for Change Operations
Changing the AS ABAP Back-End System for the UME
Changing the ABAP Client for the UME After a Client Copy
Changing the Password of the User for UME-ABAP Communication
Requirements for the System User for UME-ABAP Communication
Configuring the UMEfor Directory Service Sync with AS ABAP
Customizing a Directory Service Configuration File
Editing UME Properties
Editing UME Properties Online
Editing UME Properties Offline
Configuring the Security Policy for User IDs and Passwords
Global Properties for Security Policies
Integration of the UME Security Policy With External Data Sources
Default Security Policy Profiles
Notification by E-Mail
Configuring E-Mail Notification
Changing the Texts of Notification E-Mails
Configuring Self-Registration
Configuring Self-Management
Enabling Users to Reset Their Own Password
Configuring Logon Help
Configuring the Logon Screen
Configuring Delegated User Administration Using Companies
Companies
Company Group
Companies and Self-Registration with Approval
Disabling Companies for an ABAP Data Source
Types of User Administrator
Configuring Virtual Groups
Allowing Users to View the Contact Information of Other Users
Adding Custom Attributes to the User Profile
Additional Configuration Options
Configuring Users' Display Name
Configuring Groups' Name, Display Name, and Description
Configuring Simple Search
Configuring Search Options for the UME
Configuring the List of Available Languages
Configuring E-Mail Signatures
Enabling E-Mail Signatures
Creating and Modifying Corporate Signatures
Creating and Modifying Personalized Signatures
Defining a Pattern for User E-Mail Addresses
Optimizing Performance With the UME Cache
Configuring the Notification of Failed Logon Attempts
Administration of Users and Roles
Identity Management
UMEGroups
User Profile
Managing Users, Groups, and Roles
Assigning Principals to Roles or Groups
Dynamic Authorizations
Segregation of Duties
Password Management
Locking or Unlocking Users
Approving or Rejecting Users
Creating a Technical User
Changing the Logon Alias of Users
Configuring User Mappings on the Behalf of Users
Self-Registration
Moving a User to Another Company
Maintaining the User's Certificate Information
Exporting User Management Data
Importing User Management Data
Monitoring the Performance of the UMECache
Troubleshooting
Activating the Emergency User
Logging and Tracing
Directory Server Access Log
Directory Server Connection Pool Log
Checking the Consistency of Entries in the UME Database
Repairing Inconsistencies of Entries in the UME Database
Refreshing the User Caches of the AS Java
Downloading the UME Configuration
Reference Documentation for User Management
Logical Attributes
Standard Users
Default Security Policy Profiles
Standard User Groups
Standard UMERoles
Standard UME Actions
Standard Java EE Security Roles
UMEProperties
UMECache
Import Format for UME Principals
User Data Import Format
Group Data Import Format
Role Data Import Format
Developer Documentation for User Management