AS Java SecurityUME - Groups

UME – Groups

Last but not the least of the UME Objects are Groups. Again we follow the same process for creating groups as for creating roles or users. We start by selecting Groups from the dropdown and click the “Create Group” button.

Identity Management - Create Groups
Identity Management - Create Groups

We start by adding a name and description for the new group. Groups don’t carry any permissions themselves but can be mapped to any number of roles. A user assigned to a UME group will inherit all the roles and the permissions contained in them. Groups also can be a part of a hierarchy of parent and chid groups.

Groups serve a special purpose when the UME uses an ABAP system as its data source. In this case, any new role created in ABAP is available in AS Java as a user group. Also assigning the backend role would assign the UME group and any role mapped to it in the java system. Many a time, a UME role contains java applications accessing backend SAP data. This is specially the case when an Enterprise Portal is installed on the AS Java system. A case in point are ESS and MSS applications used in SAP HCM. For these applications, we can create a backend role and assign the needed java role(s), either UME or portal roles, to the corresponding group. Any user getting the backend role would automatically get the correct Java access.

So for a AS Java system with an ABAP datasource, the entire user-role administration can be carried out from the ABAP backend. For a UME with Active Directory server as its user source, groups can be mapped to a AD group such that a user getting a AD group automatically gets the UME group and all roles mapped to it.

5 thoughts on “UME – Groups

  • krishnaprasad

    Hi amanda how r u? recently url post java security .it is very help full for me.

    thank you

    Reply
  • Naveen Kumar

    Hi Amanda,

    I am very happy to gain more knowledge in sap security with your website SO, I need one more help with you.

    Please provide the implementation,configuration and support documents for GRC 10. i am new to GRC So, Please provide me this documents then it more helpful for me.

    Thank you,
    Naveen.

    Reply
    • Hi Naveen,

      Each SAP product comes with its own installation guide. I am not in the habit of collecting and storing these in my local machine as this can be easily downloaded from sap service marketplace.

      Regards,
      Aninda

      Reply
  • Dear Aninda,

    First, I would like to thank you for all the knowledge you have shared through this website.

    Second, On the above topic of UME- Groups; I would like to share below link of my SCN document “Easy Enterprise Portal User administration by Portal to ABAP role mapping”.

    http://scn.sap.com/docs/DOC-46597

    Hope it to be useful for everyone of us.

    Cheers,
    Daya

    Reply
    • Aninda

      Thanks for posting the link. Hopefully it will benefit others who want to get more details on the subject.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *