All installations of SAP NetWeaver Application Server (AS) Java include a set of standard user groups. Some of these groups are defined during installation and some are built in to the system.
Standard User Groups
Group |
AS ABAP Data Source |
Database Data Source |
Administrator user group
This user group contains the default user administrator. Users in this group have wide-ranging administrative access to the AS Java. |
SAP_J2EE_ADMIN This group represents an ABAP role in the AS ABAP |
Administrators |
Guest user group This group contains the default guest user. |
SAP_J2EE_GUEST This group represents an ABAP role in the AS ABAP |
Guests |
Built-in user groups are groups that the user management engine (UME) determines dynamically at runtime. They are not defined in the user data source. The table below lists the built-in user groups.
Built-In User Groups
Group |
Description |
Authenticated Users |
Contains all non anonymous users, that is, users that have to authenticate themselves on the AS Java. |
Anonymous Users |
Contains all named anonymous users that are listed in the ume.login.guest_user.uniqueids property in the UME properties. |
Everyone (or all) |
Contains all the users and groups on the server. |
You can change the display names and descriptions of the built-in user groups with UME properties. Changing the display name of these groups has no effects on roles already assigned to these groups. You do not have to reassign the roles to the new names.
More information: Configuring Groups' Name, Display Name, and Description.
You should not create groups with the names of the groups: Everyone, Authenticated Users, and Anonymous Users. If you create a group with one of these names through the native user interface of your directory service or database, you do not receive an error message, however, your user management will no longer function correctly. If you try to create a group with one of these names through the user administration console, you get an error message.
If you have groups with these names in your LDAP directory, the UME blocks reading them from the LDAP directory by default. The UME uses the configuration setting Unique Name of Blocked Groups to define which groups are blocked.
The Anonymous Users and the Authenticated Users are two mutually exclusive groups. All users belong to one of these two groups. The Everyone group includes all users. The following figure displays the relationship between the built-in user groups.
The Relation of Built-In User Groups