Identity ManagementUsers and Roles (BC-SEC-USR)SAP Authorization ConceptOrganizing Authorization AdministrationOrganization if You Are Using the Profile GeneratorSetting Up AdministratorsAuthorization Objects Checked in Role MaintenanceRole MaintenanceSetting Up Role MaintenanceRole Maintenance FunctionsChanging Standard RolesCreating Single RolesCreating Role MenusAssigning UsersAssign MiniAppsPersonalization Tab PageCreating Composite RolesDeriving Roles and Copying AuthorizationsAuthorization Checks when Adjusting Derived RolesComparing and Adjusting Role MenusGenerating Authorization ProfilesRegenerate the Authorization Profile Following ChangesMerge Function for the Authorization Data of PFCG RolesPerforming a Mass Generation of ProfilesEditing Predefined AuthorizationsSymbols and Status Text in Authorization MaintenanceCopying Authorizations From TemplatesRole Maintenance: ExampleRole Maintenance: Tips and TricksIndirect Role Assignment Using HR-ORGAssigning a Role IndirectlyIndirect Role Assignment in a System LandscapeDistributing the HR-ORG ModelCreating an HR-ORG Distribution Model in the Sending SystemGenerating Partner Profiles of the HR-ORG Distribution ModelCreating an Outbound Filter with Customer ExitActivating Change PointersWriting Change Pointers for Infotype 0105Distribute HR-ORG-Model (Initial Distribution)Distribute Changes to the HR_ORG ModelOrganization without the Profile GeneratorCreating and Maintaining Authorizations/Profiles ManuallyLine-oriented AuthorizationsAdministration TasksMaintaining Authorization ProfilesSimple and Composite ProfilesDefining Profiles and AuthorizationsAlternative AuthorizationsChoosing Authorization ObjectsMaintaining Composite ProfilesActivate profilesNaming Convention for Predefined ProfilesMaintaining AuthorizationsCreating and Maintaining AuthorizationsEntering ValuesActivating AuthorizationsNaming Convention for SAP AuthorizationsProtective Measures for Special ProfilesAuthorization Profile SAP_ALLAuthorization Profile SAP_NEWAssigning AuthorizationsAuthorization ChecksReducing the Scope of Authorization ChecksPreparatory StepsGlobally Deactivating Authorization ChecksReducing Authorization Checks in ApplicationsSearching for Deactivated Authority ChecksEditing Templates for General AuthorizationsComparing Check Indicators/Field Values After UpgradeCheck IndicatorsTransporting Authorization ComponentsTransporting and Distributing RolesTransporting Manually-Created ProfilesTransporting Manually-Created AuthorizationsTransporting Authorization Objects and ClassesTransporting a User Master RecordTransporting Check Indicators and Field ValuesLoading or Storing Check Indicators and Authorization Default VaTransporting TemplatesAnalyzing Authorization ChecksAnalyzing Authorizations using the System TraceAuthorization Checks in Your Own DevelopmentsCreating Authorization FieldsAssigning an Authorization Object to an Object ClassProgramming Authorization ChecksUser MaintenanceUser Maintenance FunctionsCreating and Maintaining User Master RecordsLogon Data Tab PageSNC Tab PageRoles Tab PageProfiles Tab PageGroups Tab PagePersonalization Tab PageLicence Data Tab PageCopying UsersPersonalizing User or RoleChanging the Standard Company AddressCentral Repository for Personalization DataUse of the Generic RepositoryImplementing a DialogIntegrating External TablesRegistering Personalization ObjectsAssigning RolesMass ChangesLogon and Password Security in the SAP SystemPassword RulesProfile Parameters for Logon and Password (Login Parameters)Customizing Switches for Generated PasswordsLogging Off Inactive UsersMaintaining User Defaults and OptionsComparing User Master RecordsSpecial Functions of User and Role MaintenanceCreate and Maintain Internet UsersAssign a Standard Role to a UserCentral User AdministrationSetting Up Central User AdministrationCreating an Administration UserSetting Up Logical SystemsDefining/Setting Up a Logical SystemAssigning a Logical System to a ClientSystem Users and RFC DestinationsDefining Authorizations for System UsersDetermining Existing RFC Destinations and System UsersCreating System UsersCreating an RFC Destination for the Target SystemSystem Users and RFC Destinations with Trusted SystemsCreating RFC Destinations for the Target System with a Trusted SCreating the Central User AdministrationSetting Up Field Distribution ParametersSynchronizing and Distributing Company AddressesSynchronizing User GroupsTransferring Users from New SystemsDisplaying and Processing Distribution LogsOperating Central User AdministrationUser Maintenance with Active Central User AdministrationAssigning Passwords with Active Central User AdministrationSending User Master Data to a Child SystemPerforming a Text Comparison with Target System SpecificationError AnalysisChecking the Setup of Central User AdministrationCreating an ALE Model Including Partner Profiles ManuallyCreating the ALE Distribution ModelGenerating Partner ProfilesChecking Partner ProfilesCorrecting Errors in Partner ProfilesDistributing the Model ViewOther Error SourcesActivated Background ProcessingChanging Partner Profiles with Active Background ProcessingCreating a Background UserRemoving Central User AdministrationRemoving a Child System from Central User AdministrationRemoving Central User Administration CompletelyGlossaryApplication Link Enabling (ALE)ALE LandscapeALE Integrated SystemUser Master RecordAuthorizationAuthorization ProfileBackground ProcessingIDocSystem UserLogical SystemPartner ProfileProfileProfile GeneratorRemote Function Call (RFC)RoleChild SystemDistribution ModelCentral User Administration (CUA)Central SystemUser Information SystemDetermining Users with the Users NodeDetermining Cross-System InformationUsers by Complex Selection Criteria (RSUSR002)By Critical Combinations of Authorizations at Transaction StartBy Logon Date and Password Change (RSUSR200)With Critical Authorizations (RSUSR009)With Critical Authorizations (New Version, RSUSR008_009_NEW)Determining Roles, Profiles, Authorizations, and Authorization ODetermining Transactions (RSUSR010)Comparing Cross-System Users, Authorizations, Roles, and ProfileCreating Where-Used Lists for Roles (RSUSR002)Creating Where-Used Lists for Profiles (RSUSR002)Creating Where-Used Lists for Authorizations (RSUSR002)Creating Where-Used Lists for Authorization Values (RSUSR002)Creating Where-Used Lists for Authorization Objects (RSUSR002)Determining Change DocumentsCreating a User-Specific Result ListFirst Installation ProcedureProtecting Special UsersSecuring User SAP* Against MisuseProtecting User DDIC Against Unauthorized AccessSecurity in System GroupsUpgrade ProcedureSource Release with the Profile Generator (> SAP R/3 3.0F)Migrate Report TreesUser Management EngineAdministration of Users, Groups, and RolesDefault GroupsActivating the Emergency UserUser Administration ConsoleUser ProfileManaging Users, Groups, and RolesAssigning Objects to Roles or GroupsPassword ManagementLocking or Unlocking UsersApproving or Rejecting UsersCreating a Technical UserSelf-RegistrationDelegated User AdministrationImport and Export of User Management DataUME Object Data ImportUME Object Data ExportStandard FormatUsersGroupsRolesUME ConfigurationUME Data SourcesInstallation OptionsPreconfigured Data Source CombinationsDatabase Only as Data SourceLDAP Directory as Data SourceOrganization of Users and Groups in LDAP DirectorySAP NetWeaver AS ABAP User Management as Data SourceData Source Configuration FilesRequirements for System User SAPJSF_<SID> in ABAP SystemsChanging the AS for ABAP Backend SystemConfiguring UME to Use an LDAP Server as Data SourceEntering the Connection Data for the LDAP ServerUME LDAP Configuration ToolVerifying Your ConfigurationChanging the Administrator User in Secure StorageConfiguring High Availability of the LDAP Data SourceCustomizing a UME Data Source ConfigurationData Source TypesHome Data SourceData Partitioning ScenariosNamespacesStructure of a Data Source Configuration File<dataSources><homeFor> and <notHomeFor><responsibleFor> and <notResponsibleFor><attributeMapping>Attribute Mapping for Client Certificates<privateSection>Examples of Data Source Configuration FilesExample: Type-Based Data PartitioningExample: User-Based Data PartitioningExample: Attribute-Based Data PartitioningConfiguration of More Than One LDAP Data SourceLDAP Only: Multiple Object Classes for a Principal TypeLDAP Only: Negative User FilterEditing UME Properties and FilesEditing UME PropertiesEditing UME Configuration FilesSecurity PolicyNotification by E-MailChanging the Texts of Notification E-MailsConfiguring Log on With AliasLogon Screen CustomizationCompaniesCompany GroupUsing a Trading Partner Directory Implementation for CompaniesCompanies and Self-Registration with ApprovalDelegated User Administration Using CompaniesConfiguration of Delegated User Administration Using CompaniesMoving a User to Another CompanyDefining Virtual GroupsAdding Custom Attributes to the User ProfileMultitenant PortalAdditional Customizing OptionsCustomizing Users' Display NameCustomizing Groups' Name, Display Name, and DescriptionCustomizing the Set of Available LanguagesCustomizing Simple SearchLogging and TracingWhat is Logged?Directory Server Access LogDirectory Server Connection Pool LogUME ReferenceLogical AttributesStandard UME ActionsPreconfigured Data Source CombinationsUME PropertiesSAP* SuperuserDefault GroupsData SourceSAP ABAP-Based System as Data SourceLDAP Directory Data SourceLDAP Directory: Connection PoolingLogonLogon TicketLogoffUser MappingAdministrationSecurity PolicyE-Mail NotificationCompaniesUsersSecurity AuditSimple SearchVirtual GroupsMultitenancyUsers and Authorizations on the J2EE EngineConcept of Interchangeable User StoresUser Management EngineDBMS User StoreManaging User Stores Using the Visual AdministratorUser Store ConfigurationChanging User Store Configuration OptionsManaging User Store Login ModulesUser and Authorization AdministrationAdministration of Users, Groups, and RolesDefault GroupsActivating the Emergency UserUser Administration ConsoleUser ProfileManaging Users, Groups, and RolesAssigning Objects to Roles or GroupsPassword ManagementLocking or Unlocking UsersApproving or Rejecting UsersCreating a Technical UserSelf-RegistrationDelegated User AdministrationImport and Export of User Management DataUME Object Data ImportUME Object Data ExportStandard FormatUsersGroupsRolesJ2EE Engine User Management Using the Visual AdministratorManaging UsersCreating and Removing UsersManaging User CertificatesViewing User InformationManaging GroupsSecurity Roles ManagementArchitecture of Security RolesApplying Security Constraints to a Security RoleMapping Users and GroupsModifying the Default Administrator UserManaging ResourcesDirectory Services (BC-SEC-DIR)LDAP ConnectorMaintaining the Directory ServerConfiguring the LDAP ConnectorConfiguring Connection Data for the Directory ServiceDefine System User of the Directory ServiceLDAP Connector InterfaceLogging On to the Directory ServiceCalling LDAP Protocol FunctionsSynchronization of SAP User Administration with an LDAP-CompatibMapping SAP Data Fields to Directory AttributesMapping and Synchronization ProcessSchema ExtensionGenerate Schema ExtensionMapping SAP Data Fields to Directory AttributesMapping with a Function Module (Linking Type)Mapping Indicator Versus Synchronization IndicatorSetting Mapping IndicatorsSetting Synchronization IndicatorsPreparing and Starting SynchronizationSynchronization Report RSLDAPSYNC_USER: ExamplesAdminister Synchronization LogIdentity Management Developer DocumentationUsing Security Roles or UME Permissions in ApplicationsSecurity RolesArchitecture of Security RolesPermissions, Actions, and UME RolesTutorials for Using Roles and Permissions in ApplicationsOverview of the Tutorials
Protecting Access to a J2EE-Based Application Using J2EE SecuritProtecting Access to a J2EE-Based Application Using UME PermissiProtecting Access to the Web Dynpro Application Using UME PermisUser Management EngineSAP Web AS JavaAuthenticationSAP Enterprise PortalLoginModule ExampleCustomized Password AuthenticationCustomized Authentication ImplementationConfigure the Portal for Customized AuthenticationChanging the Logon ScreenAdvanced Authentication ExampleUserService UserRoleGroupSearching for Users, Roles and GroupsUser MappingAccess Control List (ACL)