Configure the user management engine (UME) to support companies.

• If your data source is SAP NetWeaver Application Server (AS) ABAP, the UME automatically reads the user groups of the AS ABAP and implements them as companies in the AS Java.

  To manage ABAP groups on the AS ABAP, use transaction SUGR.

   Note

  • If you change the ABAP groups, you must restart the AS Java to make the changes visible in the UME.

  • If you do not want the UME to implement the ABAP user groups as companies, you must disable it.

    For more information, see Disabling Companies for an ABAP Data Source.

  End of the note.

• If your data source is the database of the AS Java or an LDAP directory, you must set the required UME properties.

  For more information, see Editing UME Properties.

  You must always set the UME property ume.tpd.companies.

  • To configure one company and guest users, set ume.tpd.companies=1.

    Allows for self-registration and approval process. All approved users belong to the same company. Guest users are users who do not belong to the company or are awaiting approval.

  • To configure companies internal, external, and guest users, set ume.tpd.companies=2 or configure companies with names of your choice and guest users, set ume.tpd.companies=<list of companies>. Separate company names with commas (,).

    Allows for self-registration and approval process. All approved users belong to a company. Guest users are users who do not belong to a company or are awaiting approval. Use this configuration to allow external users, such as suppliers, limited access.

To show company groups, set the following UME properties:

• ume.company_groups.enabled=TRUE

• ume.company_groups.guestusercompany.enabled=TRUE

To define a delegated user administrator:

• Either move an existing administrator to the company or create a new administrator in the company.

   Note

  Delegated user administration on an AS ABAP does not require the delegated user administrator to be a member of the user group for which he or she is responsible. This contrasts with delegated user administration on an AS Java, where the delegated user administrator must be a member of the company for which he or she is responsible. If you want to use delegated user administration on the AS Java, delegated user administrators must be members of the ABAP groups you intend them to administrate.

  End of the note.

• Assign delegated user administrators to delegated user administration roles.

  • If you are setting up delegated user administration in the portal, use the portal role called Delegated User Admin with the ID pcd:portal_content/administrator/user_admin/delegated_user_admin_role.

  • Otherwise assign a role with company-specific UME actions.

   Note

  If the following is true:

  • Your data source is an AS ABAP.

  • Your data source is configured to use an RFC destination for changes.

  To enable a delegated user administrator to manage a company, you must assign administrators the ABAP authorization object User Master Maintenance: User Groups (S_USER_GRP) for the ABAP user group in question.

  End of the note.

Assign users to companies using the following methods:

• In the role of overall user administrator, create new users in companies and move existing users into companies.

   Note

  You can assign users to ABAP groups on the AS ABAP with transaction SU01. Enter the group on the Logon Data tab in the User group field.

  End of the note.

• Enable users to request membership in a company during self-registration. Delegated user administrators must approve the requests.

• In the role of overall user administrator, import new users and use the org_id attribute to assign a company.

   Example

  Import the following data for a user:

  [User]

  uid=miguelasantos

  password=s3cur3P@ssword

  email_Address=miguela.santos@example.com

  first_name=Miguela

  last_name=Santos

  org_id=marketing

  End of the example.