cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UME Create user not possible

sarah_bavousett
Participant

on ‎10-09-2007 3:53 PM

0 Kudos

Portal 7.0 sp10 2004s

ECC 6.0 sp 10 ERP 2005

Portal is connected to ABAP backend for user authenticity,

Data source configuration file is dataSourceConfiguration_abap.xml which should allow users created in the portal to be in the UME database only.

Problem, When creating users on the Portal they are automatically being created with a datasource of ABAP and are created in the ECC abap backend.

I have tried creating the users using the Visual Admin tool and it also created the users in the ECC abap backend

I have in the past been able to create users in the UME only in fact I could not create Backend ABAP users from the POrtal

Any help would be appreciated.

Thanks

sarah

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎10-09-2007 4:39 PM
0 Kudos

OK you probably have the wrong datasource type then.

dataSourceConfiguration_abap.xml is ABAP ONLY with no portal DB.

There are a couple of choices you can try (my appologies these come from an EP6.0 system but EP7.0 should have similar options):

SAP WebAS ABAP User Management + Database

dataSourceConfiguration_r3_roles_db.xml

Read only SAP System + Database

dataSourceConfiguration_r3.xml

alternatively simply switch back to the database only option

dataSourceConfiguration_database_only.xml

A word of caution - be careful when changing the UME settings of the portal - even now im still not 100% happy about switching UME settings. Moving TO ABAP seems OK but I have never personally gone back the other way. In all cases you will be able to use the configtool to change if necessary.

Haydn

Show replies
Show replies
sarah_bavousett
Participant
‎10-09-2007 4:51 PM
0 Kudos

Haydn

The documentation in SAP Note 718383 states the following for the

dataSourceConfiguration_abap.xml option

No change is possible.

dataSourceConfiguration_abap.xml

This configuration supports all usages (especially SAP Exchange Infrastructure and SAP Enterprise Portal) by making ABAP users and ABAP roles available as users and groups in the UME, and supports the creation of new groups in the UME (which are then stored in the local database) as well.

It looks like the configuration I want unless I am misunderstanding it.

What do you think ?

Thanks,

Sarah

Former Member
‎10-09-2007 5:07 PM
0 Kudos

Yes but it doesnt match your requirement - if you want to store users in the portal then you cannot use ABAP as the datasource. Only groups and roles can be stored in the portal database (UME) under this model - users are always stored in the ABAP backend - there is a specific configuration to support a read only version of this but the problem is you still cannot create users in the portal database so it doesnt really help you.

Now the problem you have is that a configuration switch away from ABAP is not supported (thats not so say it wont work) meaning if something doesnt work SAP wont help you.

Q. Why would that be a problem for you (storing the users in the backend)? Holding users in the backend doesnt have any licence implications that im aware of. In fact arguably the reason people use ABAP is because they like to administer users with backend resources (basis and the like).

IF storing users in the backend in OK and you just dont want them created from portal then you should apply the "read only" configuration for the SAPJSF user - it looks for specific backend authorisations to determine this.

Haydn

Former Member
‎10-09-2007 4:03 PM
0 Kudos

Sarah,

If your abap datasource is read/write that would probably explain it. You might want to try restricting the permission of the UME user to read only to see if it makes a difference.

I seem to recall that with the ABAP datasource - you could ONLY store users in the backend and the portal database was unavailable for new users. I have access to both types here ..... ill have a play

Haydn

Show replies
Show replies
sarah_bavousett
Participant
‎10-09-2007 4:19 PM
0 Kudos

Haydn

Thanks for your suggestion, I am still having problems

I changed the SAPJSF user that communicates from the portal to the abap backend to read only. I got an error, it is still trying to create an ABAP backend user

An error occurred in the persistence. The original message (possibly not translated) was: "BAPI_USER_CREATE1@RS2CLNT100: ID=01, NUMBER=491, MESSAGE=You are not authorized to create users in group". Contact your system administrator

From the SAP Note 718383 it states the following:

Supported changes to the data source configuration

The allowed change options depend on the currently active data source configuration. You can determine the current data source configuration with the J2EE ConfigTool.

In "cluster-data -> Global server configuration -> services -> com.sap.security.core.ume.service" check the property "ume.persistence.data_source_configuration".

Depending on the data source configuration file you use, the following changes are possible:

dataSourceConfiguration_abap.xml

No change is possible.

This configuration supports all usages (especially SAP Exchange Infrastructure and SAP Enterprise Portal) by making ABAP users and ABAP roles available as users and groups in the UME, and supports the creation of new groups in the UME (which are then stored in the local database) as well.

Any other suggestions would be appreciated,

Thanks

Sarah

Former Member
‎10-09-2007 4:23 PM
0 Kudos

what are you trying to do then?

only create users in the portal and not the backend ABAP?

Is this for a particular reason or is this what you want to do permanently?

Haydn

sarah_bavousett
Participant
‎10-09-2007 4:27 PM
0 Kudos

Haydn

Any users created thru the Portal should be only in the UME database (portal only).Our other users are created in the ECC abap backend and when they log onto the portal they are authenticated by the backend.

We want this to be Permanently they way it works.

Thanks

Sarah

Ask a Question