Delegated User Administration Using
Companies
Use
Delegated user administration allows you to distribute user administration between several administrators so that each administrator is responsible for a particular set of users. For example, you can designate one user administrator for each business area in your company. Each user administrator can only create, modify, and delete users in the business area that he or she is responsible for.
Integration
You use companies to implement a simple form of delegated user administration. By assigning users to companies, you divide them up into administrative sets. One or more administrators are responsible for managing the users in each company.
Features
In delegated administration, we distinguish between overall user administrators and delegated user administrators:
· Overall User Administrators can add, modify and delete users of all companies. They can create and administer delegated user administrators and assign them appropriate roles and permissions. In addition the following tasks can only be performed by an overall user administrator:
¡ Group management
¡ Role management with permissions to assign all roles
¡ User mapping (SAP Enterprise Portal only)
¡ Import and export of user data
¡ Replication of user data
In the portal, overall user administrators are all administrators who are assigned to the Super Administration or User Administration role. In all other cases, overall user administrators must belong to a role to which the UME.Manage_All action is assigned.
· Delegated User Administrators can add, modify and delete users that belong to the same company as the delegated user administrator. When they search for users, only users in their company are displayed. They cannot perform any actions involving groups.
In SAP
Enterprise Portal only, delegated user administrators can assign roles to
their company users. They can only assign portal roles for which they have the
Role Assigner permission. They do not need to have
any Administrator or
End User permissions for the role. For more information on
the Role Assigner permission, see 
Permission
Levels.
In the portal, delegated user administrators are all administrators who are assigned to the Delegated User Admin role. In all other cases, delegated user administrators must belong to a role to which the UME.Manage_Users action is assigned.
Constraints
· Each user can only belong to one company. This means that each delegated user administrator can only belong to one company as well, therefore he or she cannot administer more than one company.
· It is not possible to have a hierarchy of companies. As a result, you cannot have a hierarchy of user administrators.