Identity Management

Purpose

SAP systems within the SAP NetWeaver platform perform authorizations using a role-based identity management approach. This means that you assign authorizations to users based on the job they perform using the particular system.

Features

The tools available for performing identity management functions depend on the type of installation you have. These tools and functions are described in the following sections:

·        Users and Roles (BC-SEC-USR)

In this section, we describe the authorization concept and the corresponding tools that are available for identity management with the SAP Web AS ABAP:

Ў        User maintenance (transaction SU01)

Ў        Mass changes in user maintenance (transaction SU10)

Ў        Role and authorization maintenance (transaction PFCG)

Ў        Central User Administration (CUA)

Ў        User Information System (transaction SUIM)

·        User Management Engine

In this section, we describe authorization concept and the corresponding tools available with the User Management Engine (UME), which is the identity management provider for the SAP Web AS Java. The user management concept along with the maintenance functions are described.

·        Users and Authorizations on the SAP Web AS Java

The SAP Web AS Java also supports the use of J2EE security roles and role references parallel to the UME authorization concept. This section describes how these concepts are integrated with the SAP Web AS Java server. It also describes how to use the access control lists under resource management to protect access to server resources.

·        Directory Services (BC-SEC-DIR)

This section describes how to synchronize identity management with the SAP Web AS ABAP with identity management using directory services.

·        Identity Management Developer Documentation

This section describes how to use J2EE security roles or UME permissions and actions to protect access to your applications. It provides a set of tutorials to show how this works when using the SAP NetWeaver Developer Studio. It also describes the UME API and provides examples for using the UME functions such as authentication or access control lists in your development projects.