Creating Users (Step 2) (SAP Library - SAP NetWeaver Operations)

Creating Users (Step 2)

There are two types of users that are relevant for the set-up of data archiving:

● Technical communication user: Used in the HTTP connection between the application system(s) and XML DAS

● Individual administration user: Used to login to XML DAS Administration

An arbitrary number of users is possible. Both types of users must be known to the user management of the AS Java hosting XML DAS. For the technical communications users to be valid, they must be assigned to the security role XMLDASSecurityRole.

For the administration users to be valid they must be assigned to the UME roles SAP_ARCH_XMLDAS_VIEW (for read-only authorization) or SAP_ARCH_SUPERADMIN (for read/write/execute authorization).

The procedure for creating a user and assigning it to a security role depends on the installation option you chose for the SAP NetWeaver Application Server running the XML DAS (add-in – see User Management of Applications Server ABAP as Data Source or standalone – see Selecting the UME Data Source.) The following section describes which procedure you need to follow for which option.

Procedure

Add-in installation

1. Create a user or as many users as you like via the ABAP transaction SU01. For more information see Creating and Editing User Master Records.

a. For administration users: We recommend that you create a dialog user (type A).

b. For communication users: We recommend that you create a system user (type B) to prevent the password change request from terminating the system communication.

2. Assign the users you created to a role of your choosing using transactions SU01 or PFCG. You could create new roles for this purpose using transaction PFCG:

a. For administration users create role Z_XMLDAS_ADMIN for example

b. For communication users create role Z_XMLDAS_CLIENT for example

3. Assign the technical communications user to the security role XMLDASSecurityRole:

a. Start the Visual Administrator.

b. Select <your server> ® Services ® Security Provider.

c. In the Policy Configurations tab and under Components select sap.com/tc~TechSrv~XML_DAS*DataArchivingService.

d. Go to the Security Roles tab and select XMLDASSecurityRole.

e. Under Mappings use the Add function for Groups to search for the roles you created in step 2.

4. Assign the individual administration user role to either SAP_ARCH_XMLDAS_VIEW (for read-only authorization) or SAP_ARCH_SUPERADMIN (for read/write/execute authorization):

a. Call the User Management Engine (UME) and go to Identity Management.

b. Go to the Assigned Roles tab strip.

c. Under Available Roles find the roles you want to assign and use Add to assign the appropriate roles to the user according to the authorization level the user needs.

For more information see Assigning Principals to Roles or Groups.

Standalone AS Java installation (assuming the users are stored in the database of the AS Java)

...

1. Create a user or as many users as you like using the UME (for more information see Administration of Users, Groups, and Roles). If you are creating an administration user, the security policy setting should be Default. If you are creating a technical communications user the security setting should be Technical User.

2. Assign the technical communications user to the Security Role XMLDASSecurityRole as described in step 3 above.

3. Assign the individual administration users to the appropriate roles, as described in step 4 above.

Result

You have created the necessary technical communications and individual administration users and assigned them to the security role XMLDASSecurityRole for your type of AS Java installation.