Identity Management for Application Server Java

Getting Started

The administrator user, created during installation, depends on the data source used by the User Management Engine (UME). To determine which administrator user you can log on with, see Standard Users.

The UME provides the user management functions for Java applications. To familiarize yourself with the UME, see User Management Engine.

Authorizations to use Java applications are either provided by J2EE security roles or by UME actions. To familiarize yourself with the concepts involved, see Security Roles and Permissions, Actions, and UME Roles.

Tools

You can use the following tools for user administration on the SAP NetWeaver Application Server for Java:

     Identity Management (also known as the user administration console)

     Security Provider service of the Visual Administrator

Recommendation

We recommend that you use Identity Management.

Restrictions

The data source used by the UME imposes some restrictions on identity management. See the information relevant for your data source:

     LDAP Directory as Data Source

     SAP NetWeaver AS ABAP User Management as Data Source

Tasks on Demand

The table below shows tasks that you need to perform when required:

| Reason | Task | More Information |
| --- | --- | --- |
| Activate the emergency user (SAP*) | Activate the emergency user. | Use the emergency user if all administrator users are locked or you cannot log on to any applications because of incorrect configuration. |
| Create, modify, or delete users, groups, or UME roles. | Managing Users, Groups, and Roles. | Recommendation: We recommend that you do not delete users; instead, lock the user and set the expiration date of the account. Only delete a user after a period of time in accordance with your local auditing regulations. |
| Lock or unlock users | Lock or unlock users using the UME administration console. | None |
| Setting, resetting, or disabling a user password. | Manage user passwords. | None |
| Assign users or groups to groups or UME roles | Assigning Objects to Roles or Groups. | None |
| Import user management data | See UME Object Data Import. | Use this function for mass operations. |
| Export user management data | See UME Object Data Export. | Integrated into Identity Management |
| Map J2EE security roles to users or groups | Map J2EE security roles to users or groups using the Visual Administrator. | None |
| Manage resources | Manage resources using the Visual Administrator. | This enables you to allow or restrict user access to specific security-sensitive parts of the server. |

Periodic Tasks

The table below shows tasks that you need to perform periodically:

| Frequency | Task | Recommended Tool |
| --- | --- | --- |
| Daily | Approve or reject newly registered users | UME administration console. |

Note

This function is only available if you have set up user management accordingly. See Companies and Self-Registration with Approval.

 

See also:

If you have an Enterprise Portal in your installation, you also have to manage portal roles. For more information on portal roles, see:

     Creating and Changing Roles and Worksets

     Role and User Distribution to the SAP System

     Upload of Roles from ABAP-Based Systems
