05-07-2010 7:53 PM
Hi,
i know that if we are using ABAP+JAVA stacks we need to have SAP_J2EE_ADMIN to do administration on J2EE side. i have a question on this.
1. Do we map SAP_J2EE_ADMIN role to a portal role or assigning a user in ABAP with role SAP_J2EE_ADMIN will automatically gives him the ability to create a user in UME or any admin functions in J2EE
2. what happens if user has SAP_J2EE_ADMIN role in ABAP system with out having access to Netweaver J2EE Engine, can he create users in JAVA side without actually logging in there.
i am little confused about this role.
Thanks,
SS
05-08-2010 1:09 PM
>>Do we map SAP_J2EE_ADMIN role to a portal role or assigning a user in ABAP with role SAP_J2EE_ADMIN will automatically gives him the ability to create a user in UME or any admin functions in J2EE
No mapping required. Automatically it will give administration rights
>> what happens if user has SAP_J2EE_ADMIN role in ABAP system with out having access to Netweaver J2EE Engine, can he create users in JAVA side without actually logging in there.
if user has SAP_j2ee_admin in abap side, he can loging to Java URL. He can do all administration tasks, like user creation, role assignment etc in UME.
I hope it clears your doubt.
Best Regards
Imran
05-08-2010 1:09 PM
>>Do we map SAP_J2EE_ADMIN role to a portal role or assigning a user in ABAP with role SAP_J2EE_ADMIN will automatically gives him the ability to create a user in UME or any admin functions in J2EE
No mapping required. Automatically it will give administration rights
>> what happens if user has SAP_J2EE_ADMIN role in ABAP system with out having access to Netweaver J2EE Engine, can he create users in JAVA side without actually logging in there.
if user has SAP_j2ee_admin in abap side, he can loging to Java URL. He can do all administration tasks, like user creation, role assignment etc in UME.
I hope it clears your doubt.
Best Regards
Imran
05-08-2010 4:03 PM
Ok, thanks for your answer, but this role alone in ABAP side cannot give user more permissions on ABAP side correct?
Thanks,
SS
05-08-2010 10:58 PM
Hi,
by default these roles don't have any menu or any authorizations. That's how they are delivered by SAP. It's also mentioned in OSS note 631583
Cheers
05-11-2010 5:33 PM
05-12-2010 5:55 AM
One thing very basic you need to know.
If SAP J2EE engine using ABAP as UME datasource (the case of dual stack installation), ABAP roles are mapped to J2EE groups automatically, i.e. if you create a new role Zxxxx in ABAP (ume client), then you will get J2EE group automatically.
Within standard(fresh) installation, java security (administrator) roles are assigned to SAP_J2EE_ADMIN group, that's why when you get SAP_J2EE_ADMIN role assigned in ABAP ume client, can logon to the java stack with administation authorization.
05-12-2010 2:49 PM