Question regarding unique user identification
I haven't managed to find a way to uniquely identify a user within the UME, and was hoping someone could help with this. Here's a brief scenario to explain the problem:
Simon Jones joins the company and is given username sjones. He is given access to various applications within the Java AS (including Portal and some custom applications). Some time later, he leaves the company and his user account is deleted.
Steven Jones joins the company a year later, and is given the username sjones (same username as Simon Jones had when he was employed). He is given access to different functionality within Portal and the same custom applications.
The custom applications each store custom user-specific information in their own tables.
Now here's the question. How do the custom applications store information relating to the user, ensuring that it is uniquely assigned to that specific user and not to any future users that are created with the same username? In other words, is there a unique key (similar to the SID in Microsoft Active Directory) that uniquely identifies the user, and can be used as the key in the custom tables described above? This would need to be a new key generated for each user as they are created - ensuring that two users with the same username (existing at different times) are uniquely identifiable.
Or is there perhaps a place where custom information can be added to the user record in the UME in a generic way (i.e. does not require any schema changes)?
I realise I may not have explained this very well, so please ask if anything is unclear.
I'd really appreciate some comments on this.
Uwe Steigmann replied
No, SAP does not provide an identifier which is also unique over time. As long as the users are maintained via the UME API, there will be no issue with recreated users, as all user-related data will be removed from the SAP system during deletion. If the user is deleted and created in a connected LDAP directory server, the UME consistency check tool can be used to clean up pending data.
If such an attribute exists for a user in an LDAP directory, it can simply be requested via the UME API by adding a new UME attribute to the UME data source configuration file and mapping it to the physical attribute name of the attribute in the LDAP directory.
BTW: Having identifiers that are unique over time also brings some problems, especially if the LDAP vendor or persistence option is changed, as any data that is assigned to users could then be lost.
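Added example (not from either poster and not SAP code): a sketch of a custom application table that keys its rows on an immutable directory attribute, such as one made available through a UME attribute mapping as the reply describes, rather than on the logon ID. The table, the function names and the `dir_guid` values are hypothetical, and SQLite stands in for the application's own database.

```python
import sqlite3

def open_store():
    """Create the hypothetical per-user table of a custom application."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE user_data (
        logon_id TEXT NOT NULL,  -- reusable label, e.g. 'sjones'
        dir_guid TEXT NOT NULL,  -- immutable directory identifier (assumed attribute)
        pref_key TEXT NOT NULL,
        pref_val TEXT NOT NULL,
        PRIMARY KEY (dir_guid, pref_key))""")
    return db

def save(db, logon_id, dir_guid, key, val):
    db.execute("INSERT OR REPLACE INTO user_data VALUES (?, ?, ?, ?)",
               (logon_id, dir_guid, key, val))

def load_by_logon(db, logon_id):
    """Weak lookup: keyed on the logon ID, so a recreated account inherits old rows."""
    return dict(db.execute(
        "SELECT pref_key, pref_val FROM user_data WHERE logon_id = ?", (logon_id,)))

def load(db, dir_guid):
    """Lookup keyed on the immutable identifier; only this person's rows are returned."""
    return dict(db.execute(
        "SELECT pref_key, pref_val FROM user_data WHERE dir_guid = ?", (dir_guid,)))

def stale_rows(db, logon_id, dir_guid):
    """Rows left behind by an earlier holder of this logon ID, for review or purge."""
    return db.execute(
        "SELECT dir_guid, pref_key FROM user_data "
        "WHERE logon_id = ? AND dir_guid <> ? ORDER BY pref_key",
        (logon_id, dir_guid)).fetchall()

def demo():
    db = open_store()
    # Constructed sample identifiers for the two people in the question.
    simon, steven = "guid-simon-0001", "guid-steven-0002"
    save(db, "sjones", simon, "approval_limit", "50000")  # Simon's data, never purged
    save(db, "sjones", steven, "theme", "dark")           # Steven, a year later
    return (load_by_logon(db, "sjones"),
            load(db, steven),
            stale_rows(db, "sjones", steven))

if __name__ == "__main__":
    by_logon, by_guid, stale = demo()
    print("keyed on logon ID:", by_logon)
    print("keyed on dir_guid:", by_guid)
    print("stale rows to review:", stale)
```

The stale-row query gives the application a way to detect a recreated account at logon and clean up, which matters when the deletion happened in the directory rather than through the UME API.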