Setting Up Privileges, Roles, and Groups
This is a configuration step that you have to perform to manually configure SAP NetWeaver Development Infrastructure (NWDI) only in case the automatic configuration fails.
The configuration wizard uses the described roles and groups in NWDI. Here you find information about manually performing this step.
1. Default roles
In the User Management Engine (UME) you should be able to find the security roles SAP_DI_ADMINISTRATOR and SAP_DI_DEVELOPER . If such are missing you have to create them.
2. Create default users and groups
Create the following NWDI default users:
-
NWDI_ADM - for administrative purposes.
-
NWDI_DEV - for developers.
-
NWDI_CMSADM - communication user for all NWDI server components .
Create the following NWDI default groups, such as:
-
NWDI.Administrators - for administrators.
-
NWDI.Developers - for developers.
3. Manage user assignment
-
Assign the user NWDI_ADM and NWDI_CMSADM to NWDI.Administrators .
-
Assign NWDI_DEV to NWDI.Developers .
4. Manage roles and groups mapping
-
Map the group NWDI.Administrators to roles SAP_DI_ADMINISTRATOR and SAP_SLD_ORGANIZER .
-
Map the group NWDI.Developers to roles SAP_DI_DEVELOPER and SAP_SLD_DEVELOPER.
5. (DTR Relevant Only) Manage DTR Access Control List (ACL) setting
The usage of DTR ACLs is relevant only for the DTR server used in a distributed environment.
-
For the DTR root"/", assign group NWDI.Administrators *all* privileges, and assign group NWDI.Developers *read/write/checkin* privileges.
-
For the DTR folder "/system-tools/administration", assign group NWDI.Administrators *all* privileges with "ignore-inheritance".
-
For the folder "/sysconfig" assign group NWDI.Administrators *all* privileges with "ignore-inheritance".
-
For the folder "/ws/system " assign group NWDI.Administrators *all* privileges with "ignore-inheritance".