User Management

The portal uses the User Management Engine (UME) for user management. The UME can be configured to work with user management data from multiple data sources, for example, an LDAP directory, database, or ABAP system. For more information on the UME, see User Management Engine and Integration of User Management in Your System Landscape.

The UME is integrated as a service of the SAP NetWeaver Application Server for Java (AS for Java). Therefore, you can use the user management tools of the AS for Java to manage users. The portal also provides further user management tools that are available only in the portal environment.

User Management Tools

Tool

Detailed Description

User management functions in the Visual Administrator of SAP J2EE Engine

For more information, see SAP J2EE Engine User Management Using the Visual Administrator.

Identity Management

Enables you to manage users, groups, roles, and user-related data. It is available either as a standalone Web-based tool or as a series of iViews integrated in the User Administration role in the portal.

For more information, see User Administration Console.

User Mapping function

Enables you to map users’ portal user IDs and passwords to the corresponding user ID in systems connected to the portal to enable Single Sign-On (SSO). If you use SSO with logon tickets, you only need user mapping if the user IDs in the portal and backend systems differ.

Configuring user mapping between the portal and BSP systems introduces a security risk: the user ID and password are exposed in the HTTP header. You have the following options to eliminate this risk:

- Reconfigure the systems to use single sign-on with logon tickets. This requires that users have the same user ID in the portal as well as in the BSP systems.

- Upgrade the portal system to NetWeaver 2004s SPS 7 or later and upgrade the BSP system as described in SAP Note 904249. This enables both systems to support HTTP POST in combination with SSL.

For more information, see User Mapping.

Tool for distributing portal roles to ABAP systems

For more information, see Role and User Distribution to the SAP System.

Tool for uploading objects such as roles and transactions from ABAP systems to the portal

For more information, see Upload of Roles from ABAP-Based Systems.

Default Users

The portal uses the same administrator, guest, and emergency users as SAP NetWeaver Application Server for Java (AS for Java). It also uses the same communication users. For details, see Standard Users.

After installation, the standard administrator user is by default assigned to the standard Administrators group, which is in turn assigned to the standard Super Administrator role. As the Super Administrator role has extensive permissions, users assigned to this role should not be used in normal operation. For more information, see Portal Roles.

In addition, the portal uses the following internal service users. These users are all used internally in the portal and should not be deleted. However, if you do delete one of these users by mistake, the system automatically creates the deleted user at the next startup of the portal.

| User | Delivered? | Type | Detailed Description |
|---|---|---|---|
| pcd_service | Created during startup. | Internal service user | User to authenticate against the Portal Content Directory (PCD) service, for example to create ACLs. |
| config_fwk_service | Created during startup. | Internal service user | User that the configuration service (a portal core application) uses to perform any configuration operation such as deployment. |
| ume_service | Created during startup. | Internal service user | User with extensive permissions that the UME uses to request role data from the PCD. |