Entering content frame

Procedure documentation Activating the UME User Store

Use

After installing the SAP J2EE Engine, there are a few users and security role mappings in the default DBMS user store. When changing to the UME user store on the SAP J2EE Engine, you need to re-assign these security role mappings for these users. You also need to set up the anonymous user account. Therefore, verify that the user Guest belongs to the Anonymous users group and then activate the UME user store. See the procedures below.

Procedure

Verifying Users and Groups

...

       1.      Logon to the Visual Administrator as Administrator.

       2.      In the left pane, expand Cluster  ® Server  ® Services.

       3.      Select the Security Provider from the list of services.

       4.      In the right pane, choose Runtime  ® User Management.

       5.      Choose Manage Security Stores.

The list of configured user stores appears.

       6.      In the list of configured user stores, select the UME User Store.

Information about the UME user store appears in the right pane.

       7.      Choose Browse Security Store.

The user tree from the UME user store appears.

       8.      Expand the group Anonymous users.

       9.      Verify that your anonymous user ( Guest or J2EE_GUEST) is a member of this group.

   10.      If it is not already a member, then add it to the Anonymous usersgroup.

   11.      Select your anonymous user and verify its properties in the user properties section.

 

Activating the UME User Store

Using the Visual Administrator:

...

       1.      In the list of configured user stores, select the UME user store.

       2.      Choose Activate Security Store.

       3.      In Step 2: Confirm Authentication Modules, choose Next.

       4.      In Step 3: Change Security Roles’ Mappings, choose ready to eliminate any roles from the list of roles that do not need any user mapping assignments.

       5.      For the rest of the security roles, assign your security roles to the corresponding groups as shown in the table below. This step is necessary to assign the old security role mappings to the new users and groups in the new user store.

Security Role Mappings

Component

Security Role

Group to Use for UME with Database

Group to Use for UME with ABAP Engine

SAP-J2EE-Engine

administrators

Administrators

SAP_J2EE_ADMIN

 

guests

Guests

SAP_J2EE_GUEST

 

all

Everyone

Everyone

 

KeystoreViews
 Creator

Administrators

SAP_J2EE_ADMIN

 

Keystore
 Administrator

Administrators

SAP_J2EE_ADMIN

service.telnet

telnet_login

Administrators

SAP_J2EE_ADMIN

service.naming

jndi_all_
 operations

Administrators

Guests

SAP_J2EE_ADMIN

SAP_J2EE_GUEST

 

jndi_get_initial_
 context

Administrators

Guests

SAP_J2EE_ADMIN

SAP_J2EE_GUEST

com.sap.lcr.sld

LcrInstance
 WriterAll

Administrators

SAP_XI_CONTENT_
 ORGANIZER_J2EE

 

LcrInstance
 WriterLD

Administrators

SAP_XI_CONFIGURATOR_J2EE
SAP_XI_APPL_SERV_USER
SAP_XI_IR_SERV_USER
SAP_XI_ID_SERV_USER
SAP_XI_IS_SERV_USER

 

LcrInstance
 WriterNR

Administrators

SAP_XI_CONFIGURATOR_J2EE
SAP_XI_DEVELOPER_J2EE

 

LcrUser

Administrators

SAP_XI_DISPLAY_USER_J2EE
SAP_XI_MONITOR_J2EE
SAP_XI_RWB_SERV_USER

 

LcrAdministrator

Administrators

SAP_XI_ADMINISTRATOR_J2EE

 

LcrInstance
 WriterCR

Administrators

SAP_XI_ADMINISTRATOR_J2EE

 

LcrClass
 Writer

Administrators

SAP_XI_ADMINISTRATOR_J2EE

Caution

If the Visual Administrator has problems when mapping the group Everyone, then:

·         Stop the Visual Administrator by entering Cntl-C in its console window.

·         Restart the Visual Administrator and log on as the administrator.

·         Select the Configuration Adapter from the server’s list of services.

·         Choose Runtime  ® Display configuration.

·         Expand Configurations  ® security  ® roles  ® UME user store  ® all  ® groups.

·         Add a new value entry of type String. As the name, enter Everyone and leave the value blank.

·         Restart the activation of the UME user store.

The mapping for Everyone should now exist and you can continue with the activation.

       6.      When you have finished with the mapping procedure, choose ready again.

The option Next is now enabled.

       7.      Choose Next.

       8.      In Step 4: Confirm Authorization Modules, choose Next.

       9.      In Step 5: Confirm Anonymous Principal, select your guest user from the user tree (Guest or J2EE_GUEST) and choose Next.

   10.      In Step 6: Test Administrator Of New User Store, enter the user ID and password of the administrator (Administrator or J2EE_ADMIN). Press Enter to verify this user’s user ID and password.

   11.      If authentication was successful, choose Next. Otherwise, check this user’s user ID and password.

   12.      Choose Finish.

You are automatically logged off from the Visual Administrator.

Restart the Visual Administrator and you can log on as the new administrator.

Continue with Changing the Administrator User in Secure Storage.

 

 

Leaving content frame