
problem while opening identity management in user admin

Former Member
0 Kudos

Hi All,

When I am trying to open Identity Management in user administration, the iView is not opening and is displaying the following error messages.

1) A check if users can be created failed. The UME configuration might be inconsistent. Check your Persistence configuration.

2) An error occurred when initializing a backend service; contact your system administrator

And nothing is displayed on the page except these two lines.

How to solve the problem? Reply soon, it's very urgent.

Regards,

Vila.

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hi Vila,

I am getting the same error. Is your problem resolved? If yes, please let me know how you resolved this.

Regards,

Srinivas

former_member304001
Active Contributor
0 Kudos

Try the following steps:

In order to enable (default) or disable the UME WD UIs:

Start the Config Tool.

Navigate to cluster-data -> global server configuration -> services -> com.sap.security.core.ume.service.

Change the property ume.admin.wdactive to true (enable)

Restart the whole system.

Check SAP Note 869852

In the above note they have mentioned your error (go to 5. Troubleshooting):

An error message in the WD UI ("The initialisation of an Backend-Service failed" or "A required service for the identity management user interface is not available. Contact your system administrator.").

Former Member
0 Kudos

Hi Kishore,

Thank you very much for your quick reply.

I have checked in the Config Tool. ume.admin.wdactive is enabled (true)... even though it is displaying the same error.

How to resolve this?

One more thing is I don't have access to the marketplace to see the SAP note.

Will you please provide me that information too? Can you please tell me how I can get access to the service marketplace?

Thanks,

Vila.

former_member304001
Active Contributor
0 Kudos

Below is the note. You can contact your manager for creating an S-user ID.

Anyhow, change the property ume.admin.wdactive to true again, save, and restart your portal server. Just a guess.

Note 869852 - Central Note For UME Web Dynpro UIs

Symptom

User Management UIs based on Web Dynpro on SAP NetWeaver 04s

More Terms

UME, NW04s, WD, Limitations, UMEADMIN, UmeAdminApp

Cause and Prerequisites

You are using Web Dynpro (WD) based User Management (UME) UIs

Solution

This note is a central note for the UME WD based UIs introduced with NW04s

SPS5.

This note covers the following topics:

1) Enabling / disabling of UME WD UIs in standalone mode

2) Re enabling the old UME UIs in SAP NetWeaver Portal

3) Limitations and Unsupported Functionality

4) Business user permissions for profile self-management and

self-registration

5) Troubleshooting

6) Patches

=======================================================================

1) Enabling / disabling of UME WD UIs

In order to enable (default) or disable the UME WD UIs:

o Start the Config Tool.

o Navigate to cluster-data -> global server configuration -> services -> com.sap.security.core.ume.service.

o Change the property ume.admin.wdactive to true (enable) or

false (disable).

o Restart the whole system.

After disabling the UME WD UIs, you can use the commonly known UME UIs

shipped with NW04.

=======================================================================

2) Re enabling the old UME UIs in SAP NetWeaver Portal

To enable the old UME UIs in the SAP NetWeaver Portal, do the following:

a) Create two portal roles with a Content Administrator (Navigate to

Content Administration -> Portal Content):

o One role for "User Administration"

o One role for "Delegated User Administration"

b) Copy the "Standard User Role " (also known as "Every User Role") to:

o A new "Standard User Role"

21.08.2007 Page 2 of 8


c) Copy the "Every User Core Role" to:

o A new "Every User Core Role"

d) Assign the following worksets to the roles as delta link (all from

Portal Content -> Content Provided by SAP -> Admin Content -> User

Administrators -> Worksets):

o For "User Administration":

User Administration (ID: pcd:portal_content/com.sap.pct/administrator/user_admin/worksets/com.sap.portal.user_admin_ws)

o For "Delegated User Administration":

Delegated User Administration (ID: pcd:portal_content/com.sap.pct/administrator/user_admin/worksets/com.sap.portal.delegated_user_admin_ws)

o For "Standard User Role":

- Remove the "User Profile" page from the "Portal

Personalization" workset

- Add following pages as delta link to the "Portal

Personalization" workset (all from Portal Content -> Content

Provided by SAP -> End User Content -> Standard Portal Users ->

Pages):

Portal Language (ID: pcd:portal_content/com.sap.pct/every_user/general/pages/com.sap.portal.persoPortalLanguage)

User Password (ID: pcd:portal_content/com.sap.pct/every_user/general/pages/com.sap.portal.persoUserPassword)

User Profile (ID: pcd:portal_content/com.sap.pct/every_user/general/pages/com.sap.portal.persoUserProfile)

User Mapping (ID: pcd:portal_content/com.sap.pct/every_user/general/pages/com.sap.portal.persoUserMapping)

o For "Every User Core Role":

- Remove the "User Profile" page from the "Portal

Personalization" workset

- Add the following pages as delta link to the "Portal

Personalization" workset (all from Portal Content -> Content

Provided by SAP -> End User Content -> Standard Portal Users ->

Pages):

Portal Language (ID: pcd:portal_content/com.sap.pct/every_user/general/pages/com.sap.portal.persoPortalLanguage)

User Password (ID: pcd:portal_content/com.sap.pct/every_user/general/pages/com.sap.portal.persoUserPassword)

User Profile (ID: pcd:portal_content/com.sap.pct/every_user/general/pages/com.sap.portal.persoUserProfile)

User Mapping (ID: pcd:portal_content/com.sap.pct/every_user/general/pages/com.sap.portal.persoUserMapping)

e) Assign the following UME actions to the roles with a User Administrator

tool (Navigate to User Administration -> Identity Management, search for

the created roles, select the appropriate role and choose tab Actions in

modify mode):

o For "User Administration": UME.Manage_All

o For "Delegated User Administration": UME.Manage_Users

o For "Every User Role" or "Every User Core Role": No additional UME

actions are needed. The copied "Standard User Role" or "Every User

Core Role" should already have the UME action UME.Manage_My_Profile

f) Assign appropriate users to the newly created roles.

g) Disable the UME WD UIs (See paragraph "Enabling / disabling of UME WD

UIs")

=======================================================================

3) Limitations and Unsupported Functionality

At the moment, following limitations appear in the new UME WD UIs compared

to the old UME UIs :

o The number of additional attributes is limited to 30.

o If using ume.admin.self.addattrs, an <empty> value does not

result in using ume.admin.addattrs. No attributes are used at

all. To display these attributes, copy the value from

ume.admin.addattrs to ume.admin.self.addattrs.

o Replication is not supported.

- To use this function, disable the UME WD UIs (see (1) ).

=======================================================================

4) End user permissions for profile self-management and self-registration

You must assign one of the following UME actions to business users via a

role to enable them to view or change their profiles. You must perform this

assignment manually after installation.

o UME.Manage_My_Profile: View and change all profile parameters


o UME.Manage_My_Password: View all profile parameters, but change

password only

o UME.Read_My_Profile: View all profile parameters

This assignment can be done with the UME Everyone role (which itself is

assigned to the Everyone group) or by any other User - (Group) - Role -

action assignment.

You must set the property

ume.logon.security_policy.password_change_allowed to true in

order to enable business users to change their passwords in the UME WD UIs.

For NW04s SP9, a new self-registration UI based on WD was introduced. To

use this new self-registration UI, you must add a new UME action

("UME.Selfregister_User") to a new UME role. Add this new role to the

built-in anonymous users group.

=======================================================================

5) Troubleshooting

Instance of UMEADMIN model provider (JMX Server) provider cannot be found

on the J2EE Instance. This can be noticed by an error message in the trace

file:

o "Caused by: javax.management.InstanceNotFoundException: com.sap.default:name=IJmxServer,j2eeType=UmeJmxServer,SAP_J2EECluster=<SID> not in repository")

o An error message in the WD UI ("The initialisation of an Backend-Service failed" or "A required service for the identity management user interface is not available. Contact your system administrator.").

o For NW04s SP8 and higher, an error message is written into the log

file if the UMEADMIN model provider (JMX Server) cannot be

registered. Please check the default trace file, for the error that

caused the problem.

o Sometimes, classloading problems appear on a system and no error

message is written into the log or trace file. In order to check

why the UMEADMIN model provider (JMX Server) cannot be registered,

please perform following steps:

- Log into the visual administrator with an administrator user.

- On the left side, navigate to server - services - Log

Configuration

- Raise the severity of location

"com.sap.engine.services.servlets_jsp.Deploy" to "ALL".

- On the left side, navigate to server - services - deploy.

- On the right side, choose applications.

- Stop the application "com.sap.security.core.admin" and start it

again. The start should finish successfully.


- On the bottom right side, you can find an info button (see

attached screenshot). Press this button, and an info pop up

screen will be displayed. If UMEADMIN model provider (JMX

Server) does not start, a warning message appears there.

- Have a look into the default trace file, the warning message

and the cause of the problem should be found there.

After upgrading your system to a newer SP, you get one of the following

exceptions when executing the UME WD application:

o java.lang.NoSuchMethodError: com.sap.security.core.wd.umeuifactory.wdp.IExternalUmeUiFactoryCompInterface.hasSimplePermission(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Z at com.sap.security.core.wd.maintaingroup.MaintainGroupComp.afterModelInit(MaintainGroupComp.java:787)

o com.sap.tc.webdynpro.progmodel.context.ContextConfigurationException: MappedAttributeInfo(UmeAdminComp.UmeProperties.UME_ADMIN_WD_COMPONENTS_UMEADMINAPP): mapped attribute UME_ADMIN_WD_COMPONENTS_UMEADMINAPP not found

o In order to avoid this error, perform following steps:

- Open the SDM tool and undeploy all components starting with

"tc/sec/ume/wd/..."

- Go to your downloaded SP archives and find the UMEADMIN*.SDA.

Redeploy it.

=======================================================================

6) Bugfixes and Patches

Symptom: When using the company concept, you cannot set the company

attribute directly for a user.

Solution for NW04s SPS05 and SPS06: As workaround, you can set the company

group for the user. Therefore, modify the user, navigate to assigned

groups, search for the new company group and add this group to the user.

Solution for NW04s SPS07: You can set the company attribute for a user

directly.

Symptom: When having company concept enabled, it is not possible to search

for unapproved users.

Solution for NW04s SPS09: Download SAPJTECHS09P patch #1 SCA from SAP

service marketplace so that you are able to search for unapproved users

again.

http://service.sap.com/swdc

Support Packages and Patches

SAP JAVA TECH SERVICES 7.00

OSINDEP

SAPJTECHS09P patch #1


Symptom: When having created a UME role with action "UME.Manage_All" and a

user within this role without being in the "Administrators" group, you are

getting an error while executing the UME configuration UI or UME

consistency check UI.

Solution for NW04s SPS09: Download SAPJEE09P patch #1 from SAP service

marketplace in order to be able to execute the UME UIs again.

http://service.sap.com/swdc

Support Packages and Patches

SAP J2EE ENGINE 7.00

OSINDEP

SAPJEE09P patch #1

Symptom: Role / Group / User / Action assignment cannot be done:

Solution for NW04s SPS10: The UIs for assigning one or more principals to

another principal have exchanged. In modify modus, the available principals

are available on the left side, the assigned principals are available on

the right side.

Symptom: You have an LDAP configuration, where you specified an own unique

user attribute (UME property ume.ldap.unique_user_attribute). When

opening UME WD UIs, you get a message that user cannot be created and the

Create User button is disabled.

Solution for NW04s SPS10: Download SAPJEECOR10P patch #5 and

SAPJTECHS10P patch #5 from SAP service marketplace in order to be able

to create users.

http://service.sap.com/swdc

Support Packages and Patches

SAP J2EE ENGINE CORE 7.00

OSINDEP

SAPJEECOR10P patch #5

SAP JAVA TECH SERVICES 7.00

OSINDEP

SAPJTECHS10P patch #5

Symptom: A check for user creation is done when starting UME WD UIs even if

ABAP readonly persistence is used. This leads to a warning message in the

UI and an error message in security.log and defaulttrace file, because the

user creation is not possible:

Solution for NW04s SPS11: These warning and error messages are changed to

an info message on the UI and an info message in the defaulttrace file.

Solution for NW04s SPS12: This check will only be done when pressing the

Create User Button, so that the info message will not be displayed when

entering the End User Profile or Selfregister Application.

Symptom: The general functionality of sorting UME principals (Users,

Groups, Roles, Actions) is not working.

Solution for NW04s SPS11: The sorting functionality is working again.

Symptom: A business user assigned to a role with the UME action

"Manage_My_Profile" is able to set his or her security policy from

"Default" to "Technical User" and with this, disable the "Password Change

Required" functionality.

Solution for NW04s SPS11: Download SAPJEECOR11P patch #5 from SAP

service marketplace so that the business user is not able to modify his or

her security policy any more.

http://service.sap.com/swdc

Support Packages and Patches

SAP J2EE ENGINE CORE 7.00


OSINDEP

SAPJEECOR11P patch #5

Solution for NW04s SPS12: Download SAPJEECOR12P patch #3 from SAP

service marketplace so that the business user is not able to modify his or

her security policy any more.

http://service.sap.com/swdc

Support Packages and Patches

SAP J2EE ENGINE CORE 7.00

OSINDEP

SAPJEECOR12P patch #3

Symptom: A business user is not able to login to FPN consumer portal

because the producer roles he is assigned to are no longer available. In

the UME UI, these role assignments are not able to be removed, because the

roles are inconsistent.

Solution for NW04s SPS11: Download SAPJTECHS11P patch #8 from SAP

service marketplace in order to be able to remove the role assignments to

the inconsistent role.

http://service.sap.com/swdc

Support Packages and Patches

SAP JAVA TECH SERVICES 7.00

OSINDEP

SAPJTECHS11P patch #8

Solution for NW04s SPS12: Download SAPJTECHS12P patch #3 from SAP

service marketplace in order to be able to remove the role assignments to

the inconsistent role.

http://service.sap.com/swdc

Support Packages and Patches

SAP JAVA TECH SERVICES 7.00

OSINDEP

SAPJTECHS12P patch #3

Symptom: When displaying the detailed information of assigned users, groups

or roles, which have a blank (" ") or special character (e.g. "+") in their

unique name, an error message occurs

("com.sap.tc.webdynpro.services.exceptions.InvalidUrlRuntimeException" or

"com.sap.security.core.wd.exception.UmeUiNoSuchPrincipalException")

Solution for NW04s SPS12: The assigned users, groups or roles can also

contain a blank in their unique name in order to display their detailed

information.

Symptom: A delegated user administrator (with the UME Action

Manage_Role_Assignments) is not able to assign remote FPN roles of a

producer portal on the consuming portal. An error message occurs that the

user has not the appropriate permissions even if the role assigner

permission is correctly set on the producing system for the delegated user

administrator or the related role.

Solution for NW04s SPS12: Download SAPJTECHS12P patch #4 from SAP

service marketplace in order to be able to assign the remote FPN roles.

http://service.sap.com/swdc

Support Packages and Patches

SAP JAVA TECH SERVICES 7.00

OSINDEP

SAPJTECHS12P patch #4

Symptom: A password administrator (with the UME Action

Manage_All_User_Passwords or Manage_User_Passwords) is able to create

users.


Solution for NW04s SPS12: Download SAPJTECHS12P patch #4 from SAP

service marketplace in order to prohibit the creation of users for the

password administrator.

http://service.sap.com/swdc

Support Packages and Patches

SAP JAVA TECH SERVICES 7.00

OSINDEP

SAPJTECHS12P patch #4

Header Data

Release Status: Released for Customer

Released on: 03.08.2007 06:28:59

Priority: Recommendations/additional info

Category: FAQ

Main Component BC-JAS-SEC-UME User Management Engine

Valid Releases

Software Component Release From Release To Release and Following

SAP-JEE 7.00 7.00 7.00

UMEADMIN 7.00 7.00 7.00

Related Notes

Number Short Text

1013521 Configuration of supported languages within the portal

979479 Inconsistent StyleSheets after upgrade to 7.0 SP 8

917946 Biller Direct Company Admin and UME Web Dynpro (WD)

883131 NW04s SP4/SP5 Limitations for Security&Identity Management

836946 BP Supplier Collaboration 2.0 : installation information

720590 User Management Engine (UME) on WAS 6.30 and higher

Attachments

File Type File Name Language Size

ZIP visual_admin_deploy_view.zip E 86 KB
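
A triage script for the error texts quoted in this thread and in the pasted note, added here as an example; it is not part of the thread or of SAP's note. The signature strings come from this page, while the trace layout in `SAMPLE_TRACE` and the continuation-line rule are assumptions.

```python
import re

# Signatures come from the error texts quoted on this page; advice paraphrases the note.
SIGNATURES = {
    "jmx_server_missing": (
        r"InstanceNotFoundException:.*j2eeType=UmeJmxServer.*not in repository",
        "UMEADMIN model provider (JMX Server) is not registered; restart "
        "com.sap.security.core.admin with deploy logging raised (note, 5)."),
    "wd_components_mismatch": (
        r"NoSuchMethodError:.*IExternalUmeUiFactoryCompInterface\.hasSimplePermission"
        r"|ContextConfigurationException:.*UME_ADMIN_WD_COMPONENTS_UMEADMINAPP not found",
        "Undeploy tc/sec/ume/wd/... in SDM and redeploy UMEADMIN*.SDA (note, 5)."),
    "user_create_check_failed": (
        r"A check if users can be created failed",
        "Compare with the user-creation-check symptoms in the note (6): "
        "ume.ldap.unique_user_attribute, ABAP read-only persistence."),
}

# Assumed layout: indented lines and "Caused by:" lines continue the previous record.
CONTINUATION = re.compile(r"^(\s+|Caused by:|at )")

def split_records(text):
    """Group a trace into (first_line_number, joined_text) records."""
    records = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        if records and CONTINUATION.match(line):
            records[-1][1].append(line.strip())
        else:
            records.append((number, [line.strip()]))
    return [(number, " ".join(parts)) for number, parts in records]

def triage(text):
    """Return {signature: {"count", "first_line", "advice"}} for every match."""
    findings = {}
    for number, record in split_records(text):
        for name, (pattern, advice) in SIGNATURES.items():
            if re.search(pattern, record):
                hit = findings.setdefault(
                    name, {"count": 0, "first_line": number, "advice": advice})
                hit["count"] += 1
    return findings

# Constructed sample, not a real default trace excerpt; <SID> is the note's placeholder.
SAMPLE_TRACE = """\
2007-08-21 10:02:11 Error Cannot initialise UME admin UI
Caused by: javax.management.InstanceNotFoundException:
    com.sap.default:name=IJmxServer,j2eeType=UmeJmxServer,SAP_J2EECluster=<SID> not in repository
2007-08-21 10:02:12 Warning A check if users can be created failed. The UME configuration might be inconsistent.
2007-08-21 10:17:40 Info User Administrator logged on
2007-08-21 10:31:05 Error Cannot initialise UME admin UI
Caused by: javax.management.InstanceNotFoundException: com.sap.default:name=IJmxServer,j2eeType=UmeJmxServer,SAP_J2EECluster=<SID> not in repository
"""

if __name__ == "__main__":
    for name, hit in triage(SAMPLE_TRACE).items():
        print(f"{name}: {hit['count']}x, first at line {hit['first_line']}: {hit['advice']}")
```

A repeated `jmx_server_missing` count with successful sessions in between points at the JMX server registration described in section 5 of the note rather than at the `ume.admin.wdactive` setting.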

Former Member
0 Kudos

Hi Kishore,

The information provided by you is very useful. Thank you.

When I open Identity Management, it gives an error. If I open it after 10 to 15 mins, then it is working fine. Again, when I log in after some time, it gives the same error.

Why is it happening like this?

Regards,

Vila.