on 10-09-2007 3:53 PM
Portal 7.0 sp10 2004s
ECC 6.0 sp 10 ERP 2005
Portal is connected to ABAP backend for user authenticity,
Data source configuration file is dataSourceConfiguration_abap.xml which should allow users created in the portal to be in the UME database only.
Problem, When creating users on the Portal they are automatically being created with a datasource of ABAP and are created in the ECC abap backend.
I have tried creating the users using the Visual Admin tool and it also created the users in the ECC abap backend
I have in the past been able to create users in the UME only in fact I could not create Backend ABAP users from the POrtal
Any help would be appreciated.
Thanks
sarah
OK you probably have the wrong datasource type then.
dataSourceConfiguration_abap.xml is ABAP ONLY with no portal DB.
There are a couple of choices you can try (my appologies these come from an EP6.0 system but EP7.0 should have similar options):
SAP WebAS ABAP User Management + Database
dataSourceConfiguration_r3_roles_db.xml
Read only SAP System + Database
dataSourceConfiguration_r3.xml
alternatively simply switch back to the database only option
dataSourceConfiguration_database_only.xml
A word of caution - be careful when changing the UME settings of the portal - even now im still not 100% happy about switching UME settings. Moving TO ABAP seems OK but I have never personally gone back the other way. In all cases you will be able to use the configtool to change if necessary.
Haydn
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Haydn
The documentation in SAP Note 718383 states the following for the
dataSourceConfiguration_abap.xml option
No change is possible.
dataSourceConfiguration_abap.xml
This configuration supports all usages (especially SAP Exchange Infrastructure and SAP Enterprise Portal) by making ABAP users and ABAP roles available as users and groups in the UME, and supports the creation of new groups in the UME (which are then stored in the local database) as well.
It looks like the configuration I want unless I am misunderstanding it.
What do you think ?
Thanks,
Sarah
Yes but it doesnt match your requirement - if you want to store users in the portal then you cannot use ABAP as the datasource. Only groups and roles can be stored in the portal database (UME) under this model - users are always stored in the ABAP backend - there is a specific configuration to support a read only version of this but the problem is you still cannot create users in the portal database so it doesnt really help you.
Now the problem you have is that a configuration switch away from ABAP is not supported (thats not so say it wont work) meaning if something doesnt work SAP wont help you.
Q. Why would that be a problem for you (storing the users in the backend)? Holding users in the backend doesnt have any licence implications that im aware of. In fact arguably the reason people use ABAP is because they like to administer users with backend resources (basis and the like).
IF storing users in the backend in OK and you just dont want them created from portal then you should apply the "read only" configuration for the SAPJSF user - it looks for specific backend authorisations to determine this.
Haydn
Sarah,
If your abap datasource is read/write that would probably explain it. You might want to try restricting the permission of the UME user to read only to see if it makes a difference.
I seem to recall that with the ABAP datasource - you could ONLY store users in the backend and the portal database was unavailable for new users. I have access to both types here ..... ill have a play
Haydn
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Haydn
Thanks for your suggestion, I am still having problems
I changed the SAPJSF user that communicates from the portal to the abap backend to read only. I got an error, it is still trying to create an ABAP backend user
An error occurred in the persistence. The original message (possibly not translated) was: "BAPI_USER_CREATE1@RS2CLNT100: ID=01, NUMBER=491, MESSAGE=You are not authorized to create users in group". Contact your system administrator
From the SAP Note 718383 it states the following:
Supported changes to the data source configuration
The allowed change options depend on the currently active data source configuration. You can determine the current data source configuration with the J2EE ConfigTool.
In "cluster-data -> Global server configuration -> services -> com.sap.security.core.ume.service" check the property "ume.persistence.data_source_configuration".
Depending on the data source configuration file you use, the following changes are possible:
dataSourceConfiguration_abap.xml
No change is possible.
This configuration supports all usages (especially SAP Exchange Infrastructure and SAP Enterprise Portal) by making ABAP users and ABAP roles available as users and groups in the UME, and supports the creation of new groups in the UME (which are then stored in the local database) as well.
Any other suggestions would be appreciated,
Thanks
Sarah
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.