Creating a Read Only User Admin Role
I’ve decided start blogging on SDN about common requests I get from SAP customers. Although the information is available online, it is often not step by step and could take some digging. Although short, hopefully you find this short “how-to’s” useful.
In this blog, we’ll cover how to create a read only version of the User Administration role. For example, this could be useful to assign to help desk personnel who should be able to check role assignments but not modify any information.
This can be accomplished by customizing UME actions that reside on the J2EE Engine. UME actions are very useful and allow you to customize your roles to your specific needs instead of just assigning the standard user_admin role.
To read more about the UME Actions, you can find information here:
To start, we will copy the user admin role by navigating to it under Content Administration. Portal Content–>Portal Administrators–>User Administrators. Right click on User Admin role and select the Copy option.
Next, we are going to paste this role into our own customer Portal Content Directory (PCD) folder by navigating the PCD to the folder and selecting Paste as Delta Link.
After confirming the Paste Dialog box, the next step would be to change the pcd id and rename the role to something more meaningful, like User Admin Read Only.
In addition, we are going to remove the Import and Activity Reports functionality from our new role since we only want to give users ability to view user information.
Now we are ready to adjust our UME Action and remove the ability for role assignees to modify users and set it to Read Only.
UME Actions are modified through the Identity Management utility. Browse to User Administration tab and pull up the role in Edit mode.
Navigate to the Assigned Actions tab. You’ll notice, that by default, the role has the Manage_All action, which allows Admins to modfiy users.
We are going to remove the Manage_All action and assign the Read_All action as shown below:
After saving the role, you can assign it to your target user population. When they log into the portal, they will get a User Administration Read Only tab and the Modify button will be disabled!
As shown in this simple blog, UME Actions are a powerful tool that can be used to create a variety of customized roles for your NetWeaver J2EE implementation.