To connect from the user management engine (UME) to an ABAP-based System using RFC (with or without Secure Network Communications), the UME needs a system user with which to establish the connection.
If you want to configure an AS Java installation to use an AS ABAP as its data source, you must create this user in the AS ABAP manually. The system user must fulfill the following requirements:
- User ID: We recommend that you use the logon ID SAPJSF
_<SAPSID_of_AS_Java> . You can use any password.
- User Type: The user must be of type system.
- Authorization: The user requires authorizations for read access to user data, for authenticating remote users, and RFC authorizations.
As of release 6.20, the AS is shipped with two roles that provide the required authorizations. The role you use depends on whether changes to administrative data or creation of new users from the UME are required or not.
- SAP_BC_JSF_COMMUNICATION_RO provides all authorizations for read access to user data, for authenticating remote users, and several low-level RFC authorizations. For example, users can still change their own password. This role provides sufficient authorization if you do not want to perform administrative changes from the UME: for example, add a new user or change a last name.
- SAP_BC_JSF_COMMUNICATION is the same as the above role, but additionally provides authorization to modify and delete all user-related data.
Make sure that you have maintained the authorization data and generated the profiles of the role that you are using. For information on how to generate profiles, see the AS ABAP documentation.
- SNC name: If you wan to enable Secure Network Communication (SNC), you must assign the system user the SNC name of the AS Java on which the UME runs. You can find the SNC name of the AS Java by checking the value of the UME property ume.r3.connection.master.snc_myname .
- Language: The language with which the service user is logged on to the ABAP-based system should be the same language that an administrator would use when logging on using an SAP GUI. The language of the user is particularly important if the back-end system uses characters outside the ASCII set, for example, a double-byte system with Japanese data. In this case, the language must be configured properly, or data coming from the back-end system is not displayed correctly in the UME user interfaces.
You can set the language either with the UME property ume.r3.connection.master.lang or in the user master record in SU01 . The value in the UME property overrides the setting in the user master record.
Editing UME Properties
Configuring SNC Between the UME and an ABAP-Based System