Setting Up Users for Data
Extraction
Use
You use the special security role CAFBWAdministrator to execute the data extraction process from SAP BW. As a result, you can take advantage of the security functionality provided by CAF Core to organize authorizations between SAP BW and the J2EE service.
You use a SAP BW processor bean (BWProcessorBean) for the CAF and SAP BW extraction process. The bean descriptor contains all the methods that were previously defined to correctly execute actions triggered by any user mapped to the CAFBWAdministrator security role.
The administrator security role, which is not stored in the UME, can be mapped to any role or user from the UME of the J2EE server. By default, the CAFBWAdministrator security role is also mapped to an administrator role. As a result, you will need to define business rules for the administrator role or user.
If the CAFBWAdministrator security role is mapped to a role or group, then the first user or user in the group with this role will be selected at the start of the extraction process. This is standard J2EE security policy.
Prerequisites
You have configured
business rules for each entity service you will use to extract data from SAP
BW with the
authorization tool
in the CAF Runtime Configurator. You have set users, roles or groups to have
security credentials necessary to access entity service content. You have also
given some users authorization for the SAP BW extraction process.
Procedure
1. Launch the J2EE Visual Administrator.
2. Choose Server → Services → Security Provider → Runtime → Policy Configurations.
3. Select the sap.com/caf~bw~ear*sap.com~caf~bw~services.jar component, then choose Security Roles.
CAFBWAdministrator is listed in the Security Roles window.
4. Choose Modify to change mapping of this role on the J2EE server or set a “run-as identity” for any needed user.
5. To set a single user, a set of users or groups as mapping for the CAFBWAdministratorrole, enable Role Type → Security Role and define users or groups as needed.
If you want to run an extraction process under a special user, you should add this user to the users list and choose Change under Run-As Identity.