Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
williams_ruter3
Active Participant
11,651
In my documentation I’ll explain how to configure and use the self-service feature in SAP Hana, in my scenario I’ll use the case when you have external corporate user who wants to access some test application by requesting user creation

For my setup I will use Hana rev122 with SAP Hana SHINE deployed on SLES 12 virtual machine from ESXi 6.0

Disclaimer: My deployment is only for test purpose, I make the security simple from a network perspective in order to realize this configuration and use open source software


In order execution

  • Setup SMTP server in Hana

  • Setup Self-Service Administrator and Technical user

  • Maintain USS initialization parameters

  • Maintain Email Template

  • Request new user account

  • Accept and Activate account

  • Maintain user profile

  • Optional : change background USS picture


Guide used

SAP HANA Administrator Guide

Link used

Help SAP Hana Administration SPS 12

Detail Architecture
From a process perspective the remote user access the panel of available application from the Hana portal, from the self-service link on the web page the user request to have an account created in order to access the application wanted.

Once the request made, a confirmation email is send to notify the administrator of the system to activate the account if the automatic creation is enable or to create the new account.

At the same time an email is send back to the external to notify him/her that the request has been submitted.

When the administrator has accepted and activated the account, an email is send automatically to the external with his/her credential.

Setup SMTP in Hana


In order to configure my SMTP server I will go on the SMTP configuration application from the cockpit



Setup Self-Service Administrator and Technical user


The User Self-Service tool required to have two specific user to work, an administrator user who manages the self-service requests and access lists must be assigned the role and a technical dedicated user who is used to execute tasks associated with user self-service requests, for example, sending e-mails in response to user requests.

I will start by the administrator user account, this can be done by the studio or the cockpit




And I grant the role sap.hana.xs.selfService.admin.roles::USSAdministrator


Now create i access the USS administration at the following url : http://<myserver>:<port>/sap/hana/xs/selfService/admin.


My administrator created do the technical user by the same proceed and assign the role sap.hana.xs.selfService.user.roles::USSExecutor


Once done I need to assign the selfservice.xssqlcc artifact, in order to proceed I need to go in the artifact administration


Follow the path up to selfService.xssqlcc


Once there go on edit node and provide the user/password create for the purpose and activate


Note : you probably notice that a user was already selected, this user is generated when Hana is installed.

Maintain USS initialization parameters


My two user created and my xs artifact activated, I can now start to maintain and initialize the necessary USS.
To do this i need to be connected as USSADMIN user and select the “INI PARAMETERS”


Several option are available, I’ll turn all of them except “Automatic User Creation” so I can control the activation of the account

Maintain Email Template


My service is now up and running, I can customize the content of the email send during the process of creation, request, activation and forgot password

This can be done by selection “Email Templates” from the left side menu


Once you have change the content of the template, we just need to hit save.

Request new user account


We are ready to make some testing and check our process, do so I’ll access my hana SHINE page where I have made some change in order to make it public accessible for the page presentation.


And when I click on the app I would like to use I can see the introduction of the app


And if I click on continue it is requested for a user/pass, I can now do so by clicking on “request account” and fill up the necessary information




Once submitted, the following message shows


I check my mail box, and I can see the auto reply from my request asked me to verify my email


When I click in the link I can now create my password

Accept and Activate account


My request submitted, a notification is send to my internal lab admin user


I can see now from the admin request cockpit that I have a pending request waiting to be activate or rejected


If I check from the studio, we can see the user create automatically but deactivated because of the option I have chosen earlier


Before to activate the account, I need to provide this new user the necessary role and authorization in order to be able to use the application wanted.


Once done, I activate the account and notify the user




And finally check my user mail box and can see that I have receive my confirmation email for my account activation


So I click on the link and access the application with my new user activated


And I’m in

Maintain user profile


Each user account is associated with a profile, the user who owns the profile must adjust the settings to suit personal preferences.
In order to be able to manage its own preference the following role needs to be provide to the users “sap.hana.xs.formLogin.profile::ProfileOwner”


Once done, the use can manage his/her preference from the link /sap/hana/xs/formLogin/profile/

Optional: change background USS picture


It is possible to customize the background image displayed in the logon Web page, for example, by specifying the URL to the image displayed as background in the logon screen.


To do so, I need to add the following parameter in the xengine.ini under httpserver


The url of the picture if base from my package




So now when I access my default web page and request for a new account I have the following
My configuration is now completed to setup User Self-Service feature.
3 Comments