SAP systems within the SAP NetWeaver platform perform authorizations using a role-based identity management approach. This means that you assign authorizations to users based on the job they perform using the particular system.
The tools available for performing identity management functions depend on the type of installation you have. There are also tools for multiple systems. These tools and functions are described in the following sections:
In this section, we describe how to manage identities and the required access rights across multiple systems. The preferred tool for this is SAP NetWeaver Identity Management Identity Center.
In this section, we describe the authorization concept and the corresponding tools that are available for identity management with the AS ABAP:
¡ User maintenance (transaction SU01)
¡ Mass changes in user maintenance (transaction SU10)
¡ Role and authorization maintenance (transaction PFCG)
¡ Central User Administration (CUA)
¡ User Information System (transaction SUIM)
¡ Directory Server (transaction LDAP)
In this section, we describe authorization concept and the corresponding tools available with the user management engine (UME), which is the identity management provider for the AS Java. The user management concept along with the maintenance functions are described.