Show TOC

Identity ManagementLocate this document in the navigation structure

Purpose

SAP systems within the SAP NetWeaver platform perform authorizations using a role-based identity management approach. This means that you assign authorizations to users based on the job they perform using the particular system.

Features

The tools available for performing identity management functions depend on the type of installation you have. There are also tools for multiple systems. These tools and functions are described in the following sections:

  • Identity Management for System Landscapes

    In this section, we describe how to manage identities and the required access rights across multiple systems. The preferred tool for this is SAPNetWeaverIdentityManagementIdentityCenter.

  • Identity Management of the Application Server ABAP

    In this section, we describe the authorization concept and the corresponding tools that are available for identity management with the AS ABAP:

    • User maintenance (transaction SU01)
    • Mass changes in user maintenance (transaction SU10)
    • Role and authorization maintenance (transaction PFCG)
    • Central User Administration (CUA)
    • User Information System (transaction SUIM)
    • Directory Server (transaction LDAP)
  • Identity Management of the Application Server Java

    In this section, we describe authorization concept and the corresponding tools available with the user management engine (UME), which is the identity management provider for the AS Java. The user management concept along with the maintenance functions are described.