Show TOC Anfang des Inhaltsbereichs

Vorgehensweisen Configuring Virtual Groups  Dokument im Navigationsbaum lokalisieren

Use

Use virtual groups to automatically assign users to User Management Engine (UME) groups based on the value or values of a single attribute. In the UME properties, you define which attribute to use and which values you want to use to form groups. You can even configure virtual groups to support multiple values for when you want to enable users to have membership in more than one virtual group.

These groups exist only in the Java database. The unique name and unique ID for the virtual group consists of the prefix and name, which you configure with UME properties.

Achtung

If you change the unique name of a virtual group by either editing the prefix or the name entry itself, you create a new virtual group. Any existing role assignments to the old virtual group name is lost.

Prerequisites

      Any mapping between the attribute in the Java database and a directory server must already be configured in the data source configuration file. For more information, see Customizing a UME Data Source Configuration.

      This procedure requires you to restart the SAP NetWeaver Application Server (AS) Java, so you should plan for the required down time while the AS Java restarts.

Procedure

...

       1.      Determine the attribute to use for the basis of the virtual groups.

Beispiel

You can group your users by language.

       2.      Determine the values to use to form the virtual groups.

You do not need to create a group for every possible value the attribute can have.

       3.      Configure the UME properties for virtual groups.

¡        To select the attribute, configure ume.virtual_groups.user_attribute.

¡        Enter the namespace of the attribute in ume.virtual_groups.user_attribute.namespace. The namespace for the default user attributes is com.sap.security.core.

¡        Enter the values to use for the virtual groups in ume.virtual_groups.names.

¡        Enter the prefix to use for the virtual goups in ume.virtual_groups.name_prefix.

Using a prefix ensures the virtual groups are displayed together in a search result. The prefix also helps to ensure that the group names do not conflict with those of other established groups.

¡        If the attribute you configured supports multiple values, you can enable users to be members of multiple virtual groups, by setting the property ume.virtual_groups.user_attribute.multivalue.

Hinweis

Attribute names and value names for the virtual groups should match exactly.

For more information about editing UME properties, see Editing UME Properties.

For more information about the virtual group UMEproperties, see Virtual Groups.

       4.      Restart the AS Java.

Result

The UME determines group membership at runtime assigning users to groups whenever group membership information is requested.

Example

Lopa de Leeuw wants to create a virtual group for each campus her company has: Sheffield in the United Kingdom, and Josefiau and Lehen in Salzburg, Austria. She already mapped the location attribute in her company’s namespace to the location attribute in her company’s directory server.

...

       1.      Lopa defines the attribute and namespace to be used for the virtual groups in the UME properties:

ume.virtual_groups.user_attribute=location

ume.vitrual_groups.user_attribute.namespace=com.parhoon.exports

       2.      Lopa defines the names to be used for the virtual groups and the prefix:

ume.virtual_groups.names=Sheffield;Josefiau;Lehen

ume.virtual_groups.name_prefix=Campus_

       3.      Lopa restarts the AS Java.

The UME calculates membership in the virtual groups Campus_Sheffield, Campus_Josfiau, and Campus_Lehen based on the contents of the attribute location for users whenever it is required.

Ende des Inhaltsbereichs