Show TOC Start of Content Area

This graphic is explained in the accompanying text User Management  Locate the document in its SAP Library structure

SAP NetWeaver Portal uses the user management engine (UME) for user management. The UME can be configured to work with user management data from multiple data sources, for example, an LDAP directory, database of SAP NetWeaver Application Server (AS) Java, or AS ABAP system.

The UME is integrated as a service of the AS Java. Therefore you can use the user management tools of the AS Java to manage users.

For more information, see the following:

·        User Management Engine 

·        Integration of User Management in Your System Landscape 

User Management Tools

Tool

Description

Identity management

Enables you to manage users, groups, roles, and user-related data. It is available either as a standalone Web-based tool or as a series of iViews integrated in the User Administration role in the portal.

Fo more information, see Identity Management.

User mapping function

Enables you to map users’ portal user IDs and passwords to the corresponding user ID in systems connected to the portal to enable Single Sign-On (SSO). If you use SSO with logon tickets, you only need user mapping if the user IDs in the portal and back-end systems differ.

Recommendation

Configuring user mapping between the portal and Business Server Page (BSP) systems exposes a security risk where the user ID and password is exposed in the HTTP header. You have the following options to eliminate this risk:

·        Reconfigure the systems to use single sign-on with logon tickets. This requires that users have the same user ID in the portal as well as in the BSP systems.

      Upgrade the BSP system as described in SAP Note 904249. This enable the BSP system to support HTTP POST in combination with SSL.

For more information, see Accessing Back-End Systems with a Different User ID.

Tool for distributing portal roles to ABAP systems

Role and User Distribution to the SAP System.

Tool for uploading objects such as roles and transactions from ABAP systems to the portal

Uploading Roles from Back-End Systems

Default Users

The portal uses the same administrator, guest, and emergency users as AS Java. It also uses the same communication users.

For more information, see Standard Users.

Note

After installation, the standard administrator user is by default assigned to the standard Administrators group, which is in turn assigned to the standard Super Administrator role. The Super Administrator role has extensive permissions, users associated to this role should not be used in normal operation.

For more information, see Portal Roles.

In addition, the portal uses the following internal service users. These users are all used internally in the portal and should not be deleted. However, if you do delete one of these users by mistake, the system automatically creates the deleted user at the next startup of the portal.

User

Delivered?

Type

Detailed Description

pcd_service

Created during startup.

Internal service user

User to authenticate against the Portal Content Directory (PCD) service, for example to create ACLs.

config_fwk_service

Created during startup.

Internal service user

User that the configuration service (a portal core application) uses to perform any configuration operation such as deployment.

ume_service

Created during startup.

Internal service user

User with extensive permissions that the UME uses to request role data from the PCD.

 

End of Content Area