Translate

Standard Users (Dual-Stack)

By default, the AS Java provides standard users for administrative and guest access, as well as communication users for connecting to the installed user data store. The standard users on the AS Java vary according to the user store and installation options and are as shown in the table below.
AS Java Standard Users
Description
UME with AS ABAP
UME with LDAP
Database (DB) store
Administrator user
Specified during the installation. Example:
J2EE_ADM_<SID>
For an add-in installation the standard user is J2EE_ADMIN.
Administrator
This user has unlimited administrative permissions over the AS Java. We recommend that you use strong password and auditing policies for this user.
Administrator
This user has unlimited administrative permissions over the AS Java. We recommend that you use strong password and auditing policies for this user.
Guest user
Specified during the installation. Example:
J2EE_GST_<SID>
For an add-in installation, this user isJ2EE_GUEST.
Guest
This user is also used for anonymous access to the AS Java. By default, this user is locked.
Guest
This user is also used for anonymous access to the AS Java. By default, this user is locked.
Technical user
Specified during installation. Example:
SAPJSF_<SID>
In case you have several AS Java systems with AS ABAP data sources,  we recommend that you create system-specific communication users using the above naming convention.
Configuration of the communication users for LDAP data sources is performed as an additional post-installation step.
DB user is specified during installation. Example:
SAP<SID>DB
The AS Java also uses this user for DB connectivity when you configure the UME with a DB user store.
You can use the Parameter Summary screen at the end of the input phase of the installation to revise the change the standard user IDs. In addition, if the user management engine (UME) is configured to use an AS ABAP system for user management, you can enter the name of the ABAP user that is defined as administrator for this system.
Note
When using the UME with AS ABAP in an add-in installation, the AS Java users must exist in the AS ABAP data source. In addition, you have to complete the initial password setup for the AS ABAP users, prior to creating the respective users on the AS Java.
For more information, see UME Data Sources in the UME documentation.
In addition to the above standard users, a default AS Java installation can also contain the following technical users:
User
Description
ADSuser
Used for communication between the AS Java and the Adobe Document Services (ADS) . This user is created in the AS Java or in the AS ABAP depending on the user store installation settings. For more information, see the Adobe Config Guide in the ADS Documentation and SAP Interactive Forms by Adobe Security Guide in the SAP NetWeaver Security Guide.
caf_mp_scvuser
Used internally in the Composite Application Framework (CAF) core transport system whenever the execution of a certain function requires administrator permissions, and the caller principal does not have this permission. The CAF also uses this service user to communicate with other AS Java services.
For more information, see Composite Application Framework Core Security Guide in the SAP NetWeaver Security Guide.

Security Considerations for Standard Users

You assign initial passwords for the AS Java standard users during installation. In your productive operations or after the installation is complete, you can use the UME and the AS Java administration tools to change the initial passwords, manage the default properties for these users, lock users and create users with equivalent permissions on the AS Java.
For more information, see Administration of Users and Roles in the Administration Manual.
By default, the administrator user is used by certain applications on the AS Java to perform administrative and installation tasks, for example software deployment and undeployment. For additional security, you can assign the use of another administrator user on the AS Java and lock the use of the administrator user.
For more information about creating AS Java users, see Managing Users, Groups, and Roles in the Administration Manual.
Caution
We recommend that you do not delete the default administrator user. If you decide to lock the default administrator user, you have to create another AS Java user with equivalent administrative privileges, for example by assigning it to the Administrators user group. In addition, you have to update the security credentials of the new administrator user in the AS Java file system secure store and in the configuration properties of the JMS service of the AS Java.
For more information, see Modifying the Default Administrator User in the Administration Manual.

Emergency User

In case of emergency, you can enable the Emergency User store on the AS Java. By default this user store contains only one user SAP*. For security purposes, when the Emergency User store is enabled, users defined in other user stores will be unable to access the AS Java.
The SAP* user is the emergency user that has full administrative authorizations and can be used to reconfigure UME if the configuration is faulty and administrators and users can no longer access applications. To use this user, you must explicitly activate it and specify its password. For more information, see Activating the Emergency User in the Administration Manual.


Posted by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Labels

sap hana hana database aws s4 hana hana db s4hana conversion steps sap hana azure bw4hana hana migration s4hana migration sap cloud migration steps sap hana migration steps sap hana migration to azure s4hana sap fiori fiori performance fiori erp s4 hana fiori sap fiori app sap fiori client sap fiori launchpad sap s4 hana fiori cisco ecc AI SAP AI abap dumps hana sap S/4HANA S/4HANA Conversion best sap ui5 & fiori training configuration database fiori tutorial on webide free sap ui5 & fiori training s/4 hana sap dumps sap fiori tutorial sap ui5 sap ui5 & fiori sap ui5 & fiori tutorial sara ui5cn 2367245 - Troubleshooting performance issues with SAP BPA Amazon free tier for SAP AWS setup Experience CALL_FUNCTION_NOT_FOUND CCMS Configuration and Use Create New Data Class in SAP (Oracle) Critical top SAP Abap dumps DHCP Clients Not Receiving IP Addresses Download Stack.xml HAN-DB HAN-DB-ENG High CPU Usage Due to Excessive Process Switching How To How to Start and Stop SAP Hana Tenant Database How to change SAP Hana Sql Output results are limited to 5000 Records How to perform SAP Dual Stack Split - Netweaver Inactive Objects in SAP Intercompany transactions in SAP AP / AR : Cross Company Code Transaction Interface Flapping Due to Duplex Mismatch KBA LOAD_PROGRAM_LOST MSSQL shrinking transaction log file Migrating to SAP hana database NAT Overload Causing Internet Access Failure Note 500235 - Network Diagnosis with NIPING OSPF Adjacency Not Forming PRINCE2 Foundation Sample Questions Preparing for S/4HANA Conversion and the MUST know items Push to Download Basket S/4HANA Migration Cockpit S/4JANA SAP BI Support Data Load Errors and Solutions SAP BI/BW Landscape SAP BPA SAP Basis SAP Basis Automation SAP Business Objects SAP CPS SAP Certification SAP FI Certification SAP FI Certification Sample Questions SAP HANA Admin - Cockpit SAP HANA DB Engines SAP HANA Database SAP HANA terminate session connection disconnect cancel kill hang stuck SAP Hana DB restore SAP Hana Numeric Error Codes SAP Landscape SAP Language installation SAP MM and Purchase Order Tables SAP Maintenance Planner SAP Note 500235 SAP R/3 Glossary SAP Readiness Check SAP S/4HANA 1709 Installation Files SAP S/4HANA 2023 SAP S/4HANA 2023 Installation SAP S/4HANA 2023 running SAP S/4HANA Installation SAP Scheduling SAP Solman 7.2 CHARM: SAP Support Package Stack Strategy SAP Support package SAP Upgrade SAP support stack upgrade SP stacks STORAGE_PARAMETERS_WRONG_SET SUSE/SLES/Kernel versions Setup of S/4hana 2023 TSV_TNEW_PAGE_ALLOC_FAILED TSV_TNEW_PAGE_ALLOC_FAILED error Transaction ID Unable to download an SAP Note Unix/Linux Command That Are Helpful For SAP Basis Upgrading SAP Kernel Without Downtime Upgrading windows server 2008 to windows server 2019 What is OSS Notes? SAP SNOTE Tutorial accounting agile ale idoc ale/edi archive FI documents audit auditing auditor aws aws cloud basic type bluefield approach ccms ccmsidb charm copilot datavard dbacockpit download sap note download snote edi idoc electronic data interchange enable sap archiving objects erpprep ffid firefighter fraud functional hana admin how to apply sap security note https://www.erpprep.com/ idoc install install sap fiori installation interfaces intermediate document internal control license key linux version materials management messsage niping test order type port prince2 agile prince2 agile practitioner purchasing quick info s4 hana sap abap dumps sap abbreviations sap activate certification sap activate project manager sap authorization sap aws sap brownfield sap ccms sap ccms configuration sap erp sap error sap grc sap greenfield sap internet demo system sap license sap maintenance certificate sap material management sap meaning sap mm sap mm consultant sap monthly security note sap netweaver sap network diagnostic sap niping sap note sap oss sap patch day sap performance sap performance issue sap purchase order sap s/4hana sap sales and distribution sap sap otc sap sd sap sd certification training sap sd course sap sd jobs sap sd module sap sd online training sap sd training sap sd tutorial sap sd tutorial for beginners sap security sap security note sap snote sap snote tutorial sap solution manager sap sql segregation of duties separation of duties sles slicense smc snote snote in sap system sod conflict solution manager solution maneger stop start hana database suse linux techie trex two step upgrade required waterfall