User
Management in cFolders
User Administration Tools
Tool |
Detailed Description |
Prerequisites/Comment |
Transaction SU01 in the SAP Web Application Server (SAP Web AS) |
SAP Library under SAP NetWeaver → Security (BC-SEC) → Identity Management → Users and Roles (BC-SEC-USR) → User Maintenance |
You need this transaction to create an initial cFolders administrator, that is, a user with the role “user administrator” (SAP_CFX_USER_ADMINISTRATOR). Thereafter, the use of this transaction is optional.
|
Local user administration in the cFolders application |
Solution management content for cFolders under Solutions → mySAP PLM → Configuration Structures → SAP cProject Suite 4.00 → Basic Settings for cFolders → Business Customizing → User Administration in cFolders |
You have created a user with the role “user administrator” and set up the required roles for cFolders in the SAP Web AS.
|
Central user administration using SAP User Management Engine (SAP UME) |
Solution management content for cFolders under Solutions → mySAP PLM → Configuration Structures → SAP cProject Suite 4.00 → Basic Settings for cFolders → Business Customizing → Central User Management: Integration with SAP UME
|
You have created a user with the role “user administrator” in the SAP Web AS.
|
Users and Passwords
The user with the role “user administrator” (SAP_CFX_ADMINISTRATOR) is responsible for creating users at the customer site. For more information about the roles used in cFolders, see Authorizations.
No users are delivered with the software.
Individual Users
Individual users in cFolders are dialog users. However, with the exception of users with the role “user administrator”, individual users are not authorized to execute any transactions in the SAP Web AS. Their authorizations are limited to the cFolders application.
This applies to users with a cFolders role only. It is also possible to combine the cFolders roles with other existing authorization roles. In this case, the user may have authorization for transactions in the SAP Web AS.
If you are using local user administration in the cFolders application, the user administrator creates individual users. The system then creates a password automatically for the initial logon and sends it to the user in an e-mail. Only user administrators are authorized to reset passwords and can see these functions in the cFolders system. If a password is reset, a new password is created automatically and sent to the user by e-mail. This session password is stored and encrypted as described in the SAP Web AS Security Guide on SAP Service Marketplace at service.sap.com/securityguide → SAP Basis / Web AS → SAP Web Application Server Security Guide (ABAP + JAVA) → SAP Web AS Security Guide for ABAP Technology → User Authentication → Authentication and Single Sign-On.
You also need passwords in cFolders for the WebEx meeting service and the FTP box, both of which are optional functions. These passwords are managed by the cFolders application and are stored using the ABAP Secure Store mechanism, which is described in more detail in the SAP Web AS Security Guide on SAP Service Marketplace at service.sap.com/securityguide → SAP Basis / Web AS → SAP Web Application Server Security Guide (ABAP + JAVA) → SAP Web AS Security Guide for ABAP Technology in the section “Secure Store and Forward Mechanisms (SSF) and Digital Signatures”.
If you are using SAP UME, the UME system logs on to cFolders with a user with the role “user administrator” and creates the required users in cFolders. Users created in this way do not have a password in the cFolders system, but they need a mySAP.com logon ticket for the UME.
For more information, see the following SAP Notes:
· 557350 - Generating SSO Tickets
· 701205 - EP6.0: Single Sign On using SAP Logon Tickets
· 550742 - FAQ: General Questions About Single Sign-On
Technical Users
In the standard cFolders scenario, no technical users are required. However, if you want to use the Supplier Relationship Management (SRM) integration, communication with the SRM system requires the service user “User ID in an RFC connection”. You set up this user when you configure a logical destination in transaction SM59 in the SAP Web AS. When you do this, you must provide a valid user ID and password, which enables the cFolders system to log on to the SRM system. The user ID of this user can be any valid cFolders ID. The password of the user is stored in the ABAP Secure Store mechanism, which is described in more detail in the SAP Web AS Security Guide in the section “Secure Store and Forward Mechanisms (SSF) and Digital Signatures”. For more information about the SRM integration, see the solution management content for cFolders under Solutions → mySAP PLM →Configuration Structures → SAP cProject Suite 4.00 → Basic Settings for cFolders → Business Customizing → Integration with mySAP SRM.