The table below lists the recommended tools for managing the various principals (users and roles) in a complex system landscape.
Use the tool for the system in which the user data resides.
For more information, see User Maintenance with Active Central User Administration .
For more information, see Administration of Users, Groups, and Roles .
Depending on your data source and how your systems are configured, you may not have write-access or only partial write-access to user data. In such cases we recommend that you manage user data with tools native to the data source, such as the ABAP transactions for user management.
A complex system landscape confronts you with a variety of roles from different systems.
UME Roles and JEE Security Roles
User management engine (UME) roles and JEE security roles are only relevant for AS Java systems. For UME roles, use identity management of the AS Java. Assign JEE security roles to UME roles as UME actions.
For more information, see Administration of Users, Groups, and Roles .
ABAP Roles and Portal Roles
If you have an ABAP system that does not interact with a portal or a portal system that does not interact with an ABAP system, you can manage roles in the host ABAP system or portal system.
For more information, see Role Maintenance Functions and Assigning Roles .
For more information, see User Administration .
When there is a portal integrated in your CUA system landscape you have some choices about how you create and assign ABAP and portal roles. You can manage ABAP and portal roles independently as described above, perform role management and role assignment in an integrated way. This entails transferring authorization or user assignment data from one system to the other.
For more information, see Integrated Role and User Administration .