Working as a Global User
Administrator 
Use
As a global user administrator, you can view all users, groups, and roles in the portal, including those that do not belong to any specific tenant and those that do.
A tenant user or group can only be assigned to a single tenant. Assigning a tenant user or group to multiple tenants in parallel is not supported.
Prerequisites
· You are a global user administrator.
· You know the names of the tenants in the portal (see Viewing Portal Tenants).
Procedure
Managing Users
As a global user administrator, you can perform the following actions on users in a multitenant portal.
Task |
Procedure |
Searching for users belonging to a particular tenant |
... 1. Choose User Administration ® Users ® Search. 2. In User ID, enter the tenant name followed by a backslash (\) followed by the search term.
TenantA\* finds all users from the tenant called TenantA. TenantA\u* finds all users that begin with ‘u’ from the tenant called TenantA. |
Searching for global users not belonging to any tenant |
Use the same procedure as for searching for tenant users, but do not enter a tenant name prefix. |
Creating users for a particular tenant |
... 1. Choose User Administration ® Users ® Create User. 2. In User ID, enter the tenant name followed by a backslash (\) followed by the ID of the new user.
For example: TenantA\smithj 3. Fill in the other fields as required. 4. Save your entry. |
Creating global users that do not belong to a particular tenant |
Use the same procedure as for creating tenant users above, but do not enter a tenant name prefix. |
Managing Groups
Task |
Procedure |
Searching for groups belonging to a particular tenant |
... 1. Choose User Administration ® Groups. 2. Enter the tenant name followed by a backslash (\) followed by the search term.
For example: TenantA\g* finds all groups that begin with ‘g’ from the tenant called TenantA. |
Searching for global groups not belonging to any tenant |
Use the same procedure for searching for tenant groups, but do not enter a tenant name. |
Creating groups for a particular tenant |
... 1. Choose User Administration ® Groups.
2.
Choose 3. In Group Name, enter the tenant name followed by a backslash (\) followed by the name of the new group.
For example: TenantA\marketing 4. Enter a description. 5. Choose Save. |
Creating global groups that do not belong to any tenant |
Use the same procedure for creating tenant groups, but do not enter a tenant name prefix. |
Managing Roles
The tool you use to work with roles depends on the role type:
·
UME roles: You use the 
UME administration
console to create and edit these roles.
· Portal roles:You use the Role Editor in the Portal Content Studio to create and edit these roles.
For more information on the two role types, see UME Roles and Portal Roles).
You use the Role Assignment tool to assign users and groups to both types of roles.
If you are an administrator working with tenant-specific portal roles, always enter the tenant name as the prefix of the role in lower-case characters, regardless of how you defined the tenant name when you created it. This requirement is not valid for users, groups, and UME roles.
Task |
Procedure |
Searching for roles belonging to a particular tenant |
There are several starting points from where you can search for roles; for example, using the search feature in the Portal Catalog or using the role assignment tool. Whichever starting point you choose, enter the tenant name (as the role prefix ID) followed by a period (.) and then by the search term as your search criteria.
For example: tenanta.r* finds all roles that begin with ‘r’ from the tenant called TenantA. |
Searching for global roles |
Use the same procedure for searching for tenant roles, but do enter a tenant name prefix. |
Creating UME roles for a particular tenant |
... 1. Launch the UME Console using the following URL: <protocol>/<portalserver>:<port>/useradmin. 2. Choose Roles.
3.
Choose 4. In Role Name, enter the tenant name followed by a period (.) and then by the name of the new role. 5. Enter a description and assign actions to the role as required. 6. Choose Save. |
Creating global UME roles |
Use the same procedure for creating UME roles, but do not enter a tenant name as the prefix of the role name. |
Creating portal roles for a particular tenant |
... 1. Choose Content Administration ® Portal Content. 2. Right-click a Portal Catalog folder, and choose New ® Role. In the role ID prefix, enter the tenant's name in lower-case characters.
For example, if you want to create the role role_1 for the TenantA tenant, enter tenanta as the role ID prefix, and role_1 as the role ID. |
Creating global portal roles |
Use the same procedure for creating portal roles for a particular tenant, but do not enter a tenant name as the prefix of the role name. |
As an alternative, a portal administrator can import roles from the following sources:
· The SAP system specified for the portal tenant. As each tenant is required to have an SAP system client, the tenant administrator can integrate content from ABAP-based applications in the portal role for a user of a tenant. See Portal Roles and ABAP-Based SAP Systems. Afterwards, make sure for each role you define the tenant's name in the role's ID prefix.
· Business Packages.SAP business packages provide applications and solutions for performing specific tasks. The content of a business package can include roles, worksets, iViews, and layouts, which can be imported into the portal for users of a tenant. See Configuring a Business Package for Several Tenants. Afterwards, make sure for each role you define the tenant's name in the role's ID prefix.
Once a role has been created, you need to assign content and users to it:
· For information on assigning roles to users and groups, Role Assignment in a Multitenant Portal.
· For information on assigning content to roles, see Assigning Tenant's Content and Users to Roles.