Creating Users (Step 2)

There are two types of users that are relevant for the set-up of data archiving:

·        Technical communication user: Used in the HTTP connection between the application system(s) and XML DAS

·        Individual administration user: Used to login to XML DAS Administration

An arbitrary number of users is possible. Both types of users must be known to the user management of the SAP J2EE Engine hosting XML DAS. For the users to be valid, they must be assigned to the security role XMLDASSecurityRole.

The procedure for creating a user and assigning it to a security role depends on the SAP Web Application Server installation option (add-in or standalone – see Selecting the UME Data Source). The following section describes which procedure you need to follow for which option.

Procedure

Add-in installation

       1.      Create a user or as many users as you like via the ABAP transaction SU01. For more information see Creating and Maintaining User Master Records.

                            a.      For administration users: We recommend that you create a dialog user (type A).

                            b.      For communication users: We recommend that you create a system user (type B) to prevent the password change request from terminating the system communication.

       2.      Assign the users you created to a role of your choosing using transactions SU01 or PFCG. You could create new roles for this purpose using transaction PFCG:

                            a.      For administration users create role Z_XMLDAS_ADMIN for example

                            b.      For communication users create role Z_XMLDAS_CLIENT for example

       3.      Assign each role to the security role XMLDASSecurityRole:

                            a.      Start the Visual Administrator.

                            b.      Select <your server> ® Services  ® Security Provider.

                            c.      In the Policy Configurations tab and under Components select sap.com/tc~TechSrv~XML_DAS*DataArchivingService.

                            d.      Go to the Security Roles tab and select XMLDASSecurityRole.

                            e.      Under Mappings use the Add function for Groups to search for the roles you created in step 2.

Standalone J2EE Engine installation (assuming the users are stored in the database of the J2EE Engine)

...

       1.      Create a user or as many users as you like:

                            a.      Start the Visual Administrator.

                            b.      Select <your server> ® Services ® Security Provider.

                            c.      In the User Management tab choose Create User.

For a communication user we recommend that you activate the No password change required option in the Account detail information screen. You can reach the screen by searching for and then selecting the user you just created.

       2.      Assign the users you created to a group of your choosing. You could create new groups for this purpose in the User Management tab choosing Create Groups: 

                            a.      For administration users create group Z_XMLDAS_ADMIN for example.

                            b.      For communication users create group Z_XMLDAS_CLIENT for example.

       3.      Assign the groups to the Security Role XMLDASSecurityRole:

                            a.      In the Security Provider go to the Policy Configurations tab.

                            b.      Under Components select sap.com/tc~TechSrv~XML_DAS*DataArchivingService.

                            c.      Go to the Security Roles tab and select XMLDASSecurityRole.

                            d.      Under Mappings use the Add function for the Groups you created in step 2

Result

You have created the necessary technical communications and individual administration users and assigned them to the security role XMLDASSecurityRole for your type of J2EE Engine installation.