User Management
In SAP NetWeaver Gateway, users and their authentication are managed using standard SAP mechanisms as well as consumer-specific server tools.
You can import users' data such as, roles, users and their authorizations from your SAP back-end system to the SAP NetWeaver Gateway host, or you can use SAP Identity Management Center to manage users' data between your SAP systems.
User Administration
SAP NetWeaver Gateway utilizes the user and role administration functions of SAP NetWeaver Application Server ABAP. Each user has a user master record that contains all the information about that user.
In addition, the user master record consists of the authorizations included in roles and profiles that limit the scope of action of the user in the system.
The tools for user and role maintenance are as follows:
-
For user maintenance, use transactions SU01, or SU10.
-
For role maintenance, use transaction PFCG.
-
In Central User Administration, you can use the transactions PFCG, SM59, SU01, SCUA, SCUM, SCUG, SUGR, and SCUL.
The following is an overview of the user management in SAP NetWeaver Gateway:
-
Gateway uses local ABAP user management.
-
SAP NetWeaver Gateway users can be synchronized from a central User Management system such as, the SAP Identity Provider (SAP ID Management) or an external LDAP server.
-
SAP NetWeaver Gateway users should have user names that are identical to their user names in the SAP Business Suite system.
-
User Mapping
-
Scenarios with external user mapping:
SAP NetWeaver Gateway user name is defined in the user store of the LDAP server.
SAP NetWeaver Gateway user name is identical to the NameID attribute value in the SAML assertion.
-
Scenarios with user mapping on SAP NetWeaver Gateway:
NameID attribute value in SAML assertion is mapped to the Gateway user name.
X.509 client certificate's subject is mapped to the SAP NetWeaver Gateway user's name.
-