UME Action ID

Description

UME.AclSuperUser

(Relevant for SAP NetWeaver Portal only.)

Provides Owner permissions on all objects in the Portal Content Catalog. You cannot remove this permission in the permission editor. This action is designed for super administrators.

Be restrictive with this action, as it provides extensive permissions on portal content. Only assign it to the Super Administration role in the portal. Do not assign it to any other roles.

UME.Batch_Admin

Provides permissions to use the import and export functions using identity management. Included are permission to import and export users.

To import groups or roles, or to import group or role assignments, you must also have the permissions to change the relevant principals. To export, you must have read permissions for the relevant principals.

UME.Logon_Help

Provides permissions to access the logon help Web Dynpro application. Assign this action to a role assigned to the anonymous users group.

UME.Manage_All

Provides permissions required by an overall user administrator. These include:

●      Administration of users belonging to any company and the possibility of assigning users to companies

●      Group management

●      Role management

●      User mapping

●      Import and export of user data

●      UME configuration

●      Consistency check and repair tools

●      Refresh the user cache

●      Full access to the SPML interface

To set up delegated user administration, overall user administrators must belong to a role to which the UME.Manage_All action is assigned.

In portal installations, any role that includes the UME.Manage_All action automatically has Role Assigner permissions on all portal roles in the portal installation.

UME.Manage_All_Companies

Provides permissions to manage users in all companies.

UME.Manage_All_User_Passwords

Provides permissions required by a user to change the password of other users independent of company. This also enables the user to view all user profiles.

UME.Manage_Groups

Provides permissions to view, add, modify, and delete groups. To assign users or roles to a group, you must have permission to modify users or roles.

UME.Manage_My_Password

Provides nonadministrator users with permissions to change their own personal password in their user profile. The action UME.Manage_My_Profile includes this action. The UME property ume.logon.security_policy.password_change_allowed must also be set to TRUE. See also Logon.

UME.Manage_My_Profile

Provides nonadministrator users with permissions to display and change their own personal user profile.

UME.Manage_Role_Assignments

(Relevant for SAP NetWeaver Portal only.)

Provides permissions to assign portal roles, for which you have Role Assigner permissions, to users within your company. With this action, you can neither assign roles to groups, nor change the actions assigned to a role.

This is a default role for delegated user administration for the portal.

UME.Manage_Roles

(Not relevant for SAP NetWeaver Portal.)

Provides permissions to view, add, modify, and delete UME roles. To assign users or groups to a role, you must have permission to modify users or groups.

Be careful to whom you assign this action. Users with this action can assign themselves the Administrator role, which gives them full administrator rights on the AS Java.

UME.Manage_User_Passwords

With this action a user can manage the passwords of users belonging to his or her company. The user with this action can view the user profiles of other users in his or her company and even lock and unlock their accounts. Use this action to create a delegated password administrator.

UME.Manage_Users

Provides permissions to manage  users belonging to the same company as the administrator (such as search, create, modify, delete, lock, unlock, reset password, approve new user requests, and deny new user requests). To assign groups or roles to a user, you must have permission to modify groups or roles.

UME.Read_All

Enable a user to read user, group, and role profiles in all companies. It also provides the permissions to refresh the user cache of the AS Java.

UME.Read_Basic

For internal use only.

UME.Read_My_Profile

Provides nonadministrator users with permission to display their own personal user profile.

UME.Remote_Producer_Read_Access

(Relevant for federated portal only)

Provides permissions for remote users to read roles available on this producer portal.

UME.Remote_Producer_Write_Access

(Relevant for federated portal only)

Provides permissions for remote users to assign roles available on this producer portal. Does not include read-access.

UME.Spml_Read_Action

With this action a user can conduct searches and read the schema of the SPML interface.

UME.Spml_Write_Action

Provides full access to the SPML interface.

UME.System_Admin

Provides a system administrator with permission to change the UME configurations in the Web Dynpro user administration application, and the permissions to run the consistency check and repair tool.

UME.Selfregister_User

Provides permissions for users to enter data in the self-registration forms. Assign this action to a role assigned to the group Anonymous Users to enable self-registration for all unauthenticated users.

UME.User_Viewer

Provides permissions for users to view the public profiles of other users belonging to their own company with the user viewer iView.

UME.User_Viewer_All_Companies

Provides permissions for user to view the public profiles of all other users with the user viewer iView.