Show TOC Start of Content Area

 Administration of User Data  Locate the document in its SAP Library structure

The table below lists the recommended tools for managing the various principals (users and roles) in a complex system landscape.

Users

Use the tool for the system in which the user data resides.

      If you already manage users in a directory service with an LDAP administration tool, you can continue to use this tool.

      If your users reside in an ABAP system, use the user maintenance transaction SU01 of the CUA central system.

For more information, see User Maintenance with Active Central User Administration.

      If you use an AS Java system, you can manage users with identity management of the AS Java system.

For more information, see Administration of Users, Groups, and Roles.

Recommendation

Depending on your data source and how your systems are configured, you may not have write-access or only partial write-access to user data. In such cases we recommend that you manage user data with tools native to the data source, such as the ABAP transactions for user management.

Roles

A complex system landscape confronts you with a variety of roles from different systems.

UME Roles and JEE Security Roles

User management engine (UME) roles and JEE security roles are only relevant for AS Java systems. For UME roles, use identity management of the AS Java. Assign JEE security roles to UME roles as UME actions.

For more information, see Administration of Users, Groups, and Roles.

ABAP Roles and Portal Roles

If you have an ABAP system that does not interact with a portal or a portal system that does not interact with an ABAP system, you can manage roles in the host ABAP system or portal system.

      For ABAP roles, use transaction PFCG of the CUA child systems and assign ABAP roles to users in the CUA central system.

For more information, see Role Maintenance Functions and Assigning Roles.

      For portal roles, use identity management of the AS Java.

For more information, see User Administration.

When there is a portal integrated in your CUA system landscape you have some choices about how you create and assign ABAP and portal roles. You can manage ABAP and portal roles independently as described above, perform role management and role assignment in an integrated way. This entails transferring authorization or user assignment data from one system to the other.

For more information, see Integrated Role and User Administration.

End of Content Area