cancel
Showing results for 
Search instead for 
Did you mean: 

UME question

Former Member
0 Kudos
242

Hello All,

We want to use UME for 10 different Java applications we have with about 200 users for each of them. I was wondering if there's a way to create a role for each app, which can be assigned to users who own an application, which authorizes him/her to create/maintain users specific to that appl.

I know that there are actions like UME.manage_all which when given will help in creating/maintain users of UME. But I don't want to let an admin of appl1 to add users to appl2.

If this is possible, it would avoid having just one admin managing the entire users of all applications.

Thanks in advance,

Kiran

Accepted Solutions (1)

Accepted Solutions (1)

MichaelShea
Product and Topic Expert
Product and Topic Expert
0 Kudos

Kiran,

Do the applications share users? If not you could create companies and set up each application owner as delegated user admin.

UME.Manage_All grants global administrator access. You should be careful who gets this level of access.

-Michael

Former Member
0 Kudos

Michael,

First, thank you!

Unfortunately users in our case share application access, which is quite normal. I wonder what's the recommended solution for user administration when we have 15 applications with 200 users each. A single admin can't manage 3000 users and at the same time, it's not correct to give Manage_all action to couple of "delegated admins" as they are not stopped from administering users of other apps.

Thank you again for your reply.

Kiran

MichaelShea
Product and Topic Expert
Product and Topic Expert
0 Kudos

Kiran,

I spoke with my colleagues. If you implement a portal and use delegated administrators, you can configure each delegated admin to see all users, but each delegated admin only has role assignment capabilities for their application.

What a single admin can manage, of course depends on what the admin has to manage. Your milage may vary.

As to Manage_All, I was trying to warn you (and other reading) NOT to assign Manage_All to delegated admins. It defeats the purpose of delegated admins to assign them that kind of authorization.

-Michael

Former Member
0 Kudos

Michael,

That's very interesting! However, we are not using Portal, just the Web AS 6.40 J2EE server. But, I am thinking that's shouldn't change the way UME works. As far as I know, Portal is just one other application running on the server and using UME. If it's possible in Portal, I am thinking it should be possible in non-Portal case too.

Can you please ask your colleagues what configuration they had to do to achieve this feature? What roles/action do they give to these delegated admins?

Thank you for following it up!

Kiran

MichaelShea
Product and Topic Expert
Product and Topic Expert
0 Kudos

Kiran,

I am not a portal expert, but the portal out-of-the-box, enables you to define roles and permissions in a delegated way. What those roles are called are up to you.

Yes, you add customized software to the AS Java to do the same thing, but you would have to do the customization that already exists in the portal. What that customization would be is beyond my meager skills. For that kind of information, you would have to ask/employ an expert/consultant.

Sorry I can't be any more help than that.

-Michael

Former Member
0 Kudos

Thanks for the response Michael.

So, it's an add-on to UME available from Portal. I hope SAP comes up with similar functionality in UME itself.

Thanks again,

Kiran

Answers (0)