The administrator user, created during installation, depends on the data source used by the User Management Engine (UME). To determine which administrator user you can log on with, see Standard Users.
The UME provides the user management functions for Java applications. To familiarize yourself with the UME, see User Management Engine.
Authorizations to use Java applications are either provided by J2EE security roles or by UME actions. To familiarize yourself with the concepts involved, see Security Roles and Permissions, Actions, and UME Roles.
You can use the following tools for user administration on the SAP NetWeaver Application Server for Java:
● Identity Management (also known as the user administration console)
● Security Provider service of the Visual Administrator
We recommend that you use Identity Management.
The data source used by the UME imposes some restrictions on identity management. See the information relevant for your data source:
● LDAP Directory as Data Source
● SAP NetWeaver AS ABAP User Management as Data Source
The table below shows tasks that you need to perform when required:
Reason |
Task |
More Information |
Activate the emergency user (SAP*) |
Use the emergency user if all administrator users are locked or you cannot log on to any applications because of incorrect configuration. |
|
Create, modify, or delete users, groups, or UME roles. |
We recommend that you do not delete users, rather lock the user and set the expiration date of the account. Only delete a user after a period of time in accordance with your local auditing regulations. |
|
Lock or unlock users |
Lock or unlock users using the UME administration console. |
None |
Setting, resetting, or disabling a user password. |
None |
|
Assign users or groups to groups or UME roles |
None |
|
Import user management data |
Use this function for mass operations. |
|
Export user management data |
Integrated into Identity Management |
|
Map J2EE security roles to users or groups |
Map J2EE security roles to users or groups using the Visual Administrator. |
None. |
Manage resources |
Manage resources using the Visual Administrator. |
This enables you to allow or restrict user access to specific security-sensitive parts of the server. |
The table below shows tasks that you need to perform periodically:
Frequency |
Task |
Recommended Tool |
Daily |
Approve or reject newly registered users |
This function is only available if you have set up user management accordingly. See Companies and Self-Registration with Approval. |
If you have an Enterprise Portal in your installation, you also have to manage portal roles. For more information on portal roles, see:
● Creating and Changing Roles and Worksets