Controlling security aspects for WCEM users

You want to define the number of failed login attempts allowed before the user account will be locked. In a User Storage System scenario like ‚ABAP only‘ or ‚UME and ABAP‘, this is controlled by the underlying AS ABAP Server.

Image 1: WCB-Settings

In case the UME has a user storage AS ABAP, its own policies doesn’t apply but only the one of the AS ABAP server.

Image 2: UME and ABAP system overview

Depending of the ABAP component SAP_BASIS

Image 3: System Status

this can be defined either in the ‚profile parameters‘ (SAP_BASIS before 7.31) or in the ‚Security Policy‘ (SAP_BASIS 7.31 and higher).

ATTENTION: In case of SAP_BASIS lower 7.31 there is no possiblitly to define different settings for internal users and WCEM users.

In case your AS ABAP system runs on a version SAP_BASIS 7.31 you can easly influce the ‚Security Policy‘ for WCEM users without modifying SAP standard coding.

First you need to create a new Security Policy using transaction SECPOL.

Now, depending on your AS ABAP system, either CRM or ERP, you can use the following injection locations for your coding.

CRM: function module COM_BPUS_INTERNETUSER_CREATE import parameter IS_LOGONDATA -> SECURITY_POLICY

ERP: form ‚create_su01_user‘ in function group WEC_USER using parameter p_wa_logondata -> SECURITY_POLICY

In both cases use the implicit enhancement spot (for more details please see here: http://wiki.sdn.sap.com/wiki/display/ABAP/How+To+Do+Implicit+Enhancement) at the beginning of the coding unit to set the security policy relevant for WCEM users.

Now while registering a new user for WCEM your security policy for this user will be applied.