CUA System Landscape with J2EE Engine(s)

Description

In this scenario, you are operating a Central User Administration to administer the user data for all SAP systems. You can connect a J2EE Engine to one or more child systems. For example, you can connect a SAP NetWeaver Portal that only runs SAP applications to a dedicated child system (which contains all users of the portal).

If your system landscape includes an SAP NetWeaver Application Server (AS) Java that runs an application that integrates a large number of backend systems, use the ABAP data source for the User Management Engine (UME) of the AS Java.

For more information about using an ABAP system as the data source of the UME, see User Management Application Server ABAP as Data Source.

Prerequisites

?      The configuration of the ABAP data source must be supported (see J2EE Engine with ABAP Data Source).

Administration

Administration of the User Data Without a Portal

Object

Recommended Tool

User

User maintenance (transaction SU01) of the CUA central system

ABAP roles

Role maintenance (transaction PFCG) in the CUA child systems

ABAP role assignment

Role assignment in the CUA central system

J2EE security roles and UME roles

Administer the UME roles with Identity Management and the J2EE security roles with the Visual Administrator of the AS Java. Both tools are part of AS Java.

You can integrate the Java-based authorizations of the J2EE security roles and the UME roles with the ABAP roles (see Integration of UME Roles with SAP Roles).

Administration of the User Data with a Portal

Object

Recommended Tool

User

Transaction SU01 of the CUA central system

ABAP roles

Generate these roles from portal roles (see Role and User Distribution to the SAP System).

ABAP role assignment

Use the portal tools and then distribute the assignments.

J2EE security roles and UME roles

Administer the UME roles with the portal tools and the J2EE security roles with the Visual Administrator of the AS Java.

You can only change the attributes of the ABAP users in the UME of the AS Java to a restricted degree. This depends on whether the J2EE Engine is connected to a CUA child system and how the field maintenance is configured for this child system. You can, however, create users with the UME, change the passwords of the users, and lock and unlock users.

Installation

?      Set Up the Central User Administration

?      Choose the ABAP system as the data source during the installation of the J2EE Engine (see J2EE Engine with ABAP Data Source).