Requirements for System User SAPJSF_<SID> in ABAP Systems (SAP-Bibliothek - Sicherheit des Netzwerks und der Transportschicht)

Requirements for System User SAPJSF_<SID> in ABAP Systems

To connect from the User Management Engine (UME) to an ABAP-based SAP System using RFC (with or without Secure Network Communications), the UME needs a system user with which to establish the connection.

In a combined AS-ABAP + Java installation, the installer creates the user with the default name SAPJSF, and assigns the read-only role SAP_BC_JSF_COMMUNICATION_RO. The UME has read-only access to the AS-ABAP system.

In an AS-Java installation, you must create this user in the AS-ABAP system manually. The system user must fulfill the following requirements:

· User ID: We recommend that you use the user ID SAPJSF_<SAPSID_of_SAP_Web_AS_Java>. You can use any password.

· User Type: The user must be of type system.

· Authorization: The user requires authorizations for read access to user data, for authenticating remote users, and RFC authorizations.

As of Release 6.20, SAP Web Application Server is shipped with two roles that provide the required authorizations. The role you use depends on whether changes to administrative data or creation of new users from the UME are required or not.

¡ SAP_BC_JSF_COMMUNICATION_RO provides all authorizations for read access to user data, for authenticating remote users, and several low-level RFC authorizations. For example, users can still change their own password. This role provides sufficient authorization if you do not want to perform administrative changes from the UME: for example, add a new user or change a last name.

¡ SAP_BC_JSF_COMMUNICATION is the same as the above role, but additionally provides authorization to modify and delete all user-related data.

Hinweis

Make sure that you have maintained the authorization data and generated the profiles of the role that you are using. For information on how to generate profiles, see Strukturlink Generating Authorization Profiles.

· SNC name: If the connection is secured with SNC, the user must be assigned to the SNC name of the J2EE Engine on which the UME runs. To do this, in transaction SU01, on the SNC tab, enter the SNC name of the J2EE Engine. You can find the SNC name of the J2EE Engine by looking at its certificate in the SNC PSE of the ABAP system (use transaction STRUST) or by checking the value of the UME property ume.r3.connection.master.snc_myname.

· Language: The language with which the service user is logged on to the SAP system should be the same language that an administrator would use when logging on the SAP system using a SAP GUI. The language of the user is particularly important if the backend system uses characters outside the ASCII set, for example, a double-byte system with Japanese data. In this case, if the language is not configured properly, data coming from the backend system would not be displayed correctly in the UME user interfaces.

You can set the language either in the UME property ume.r3.connection.<adapterid>.lang (see Strukturlink SAP ABAP-Based System as Data Source) or in the user master in SU01. The value in the UME property overrides the setting in the user master.