Configuring the UME to Use the Current User for Change Operations 

Use

Use this procedure to enable SAP NetWeaver Application Server (AS) ABAP to log who changed ABAP user master data (create, modify, and delete). When you install a combined AS Java and AS ABAP installation, the user management engine (UME) uses the RFC destination UMEBackendConnection by default. With this destination, any changes to user master data using the UME are logged as changes made by the system user for UME-ABAP communication. To allow for granular control of authorizations for user modification, create an RFC destination to support this.

Prerequisites

·        The AS Java is configured to use an AS ABAP as the data source.

·        The AS ABAP data source is SAP NetWeaver Application Server 6.20 SPS 38 or higher.

Procedure

...

       1.      Create an RFC destination for the AS ABAP system with the authentication method Current User (Assertion Ticket).

 

We recommend that you name this destation UMEBackendConnectionForChanges.

More information: Maintaining RFC Destinations.

       2.      On the AS ABAP, assign the role SAP_BC_JSF_COMMUNICATION_NAMED to all users, who change ABAP user master data with the UME.

 

This role includes the RFC authorizations for the AS ABAP. It does not include authorizations for managing users. You must assign these authorizations separately.

       3.      On the AS Java, start UME configuration.

More information: Configuring Identity Management.

       4.      Choose Modify Configuration.

       5.      In the ABAP Server tab, enter the RFC destinations as required.

       6.      Choose Validate Configuration.

If the test fails, check your connection parameters.

       7.      Save your changes.

       8.      Restart the AS Java.