Skip to Content

I’ve decided start blogging on SDN about common requests I get from SAP customers.  Although the information is available online, it is often not step by step and could take some digging.  Although short, hopefully you find this short “how-to’s” useful.

In this blog, we’ll cover how to create a read only version of the User Administration role.  For example, this could be useful to assign to help desk personnel who should be able to check role assignments but not modify any information.

This can be accomplished by customizing UME actions that reside on the J2EE Engine.  UME actions are very useful and allow you to customize your roles to your specific needs instead of just assigning the standard user_admin role.

To read more about the UME Actions, you can find information here:

http://help.sap.com/saphelp_nw04s/helpdata/en/5f/670db7939b8e48999d65f8a05ad611/frameset.htm 

To start, we will copy the user admin role by navigating to it under Content Administration.  Portal Content–>Portal Administrators–>User Administrators.  Right click on User Admin role and select the Copy option.

image

Next, we are going to paste this role into our own customer Portal Content Directory (PCD) folder by navigating the PCD to the folder and selecting Paste as Delta Link.

image

After confirming the Paste Dialog box, the next step would be to change the pcd id and rename the role to something more meaningful, like User Admin Read Only.

image

image

In addition, we are going to remove the Import and Activity Reports functionality from our new role since we only want to give users ability to view user information.

 

BEFORE:

image

AFTER:

image

Now we are ready to adjust our UME Action and remove the ability for role assignees to modify users and set it to Read Only.

UME Actions are modified through the Identity Management utility.  Browse to User Administration tab and pull up the role in Edit mode.

image

Navigate to the Assigned Actions tab.  You’ll notice, that by default, the role has the Manage_All action, which allows Admins to modfiy users.

user_admin_before_edit

We are going to remove the Manage_All action and assign the Read_All action as shown below:

image

After saving the role, you can assign it to your target user population.  When they log into the portal, they will get a User Administration Read Only tab and the Modify button will be disabled!

image

 

As shown in this simple blog, UME Actions are a powerful tool that can be used to create a variety of customized roles for your NetWeaver J2EE implementation.

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Michael Nicholls
    Hi Marty
    Is there any real advantage in making the read only admin role a delta link to the SAP supplied role? What exactly is being delta linked? If someone accidentally deletes the original role, will the copied one still work? The same question also applies with new content being added to the original role?

    Cheers
    (maybe I need to read the new book to find out all about this!)

    (0) 
    1. Martin McCormick Post author
      Hi Michael-

      Thanks for your reply.  You raise a good question and I guess out of habit I used delta link copy as there are typically many advantages to this (such as any changes to the role in places where you haven’t modified).  In addition, iView properties would be inherited. 

      However, in this case I really dont think there is an advantage or disadvantage since any changes to the underlying Web Dynpro would still be reflected if the “copy” method.

      Thanks!
      Marty  

      (0) 

Leave a Reply