SAP Hana User Self-Service Configuration
In my documentation I’ll explain how to configure and use the self-service feature in SAP Hana, in my scenario I’ll use the case when you have external corporate user who wants to access some test application by requesting user creation
For my setup I will use Hana rev122 with SAP Hana SHINE deployed on SLES 12 virtual machine from ESXi 6.0
Disclaimer: My deployment is only for test purpose, I make the security simple from a network perspective in order to realize this configuration and use open source software
In order execution
- Setup SMTP server in Hana
- Setup Self-Service Administrator and Technical user
- Maintain USS initialization parameters
- Maintain Email Template
- Request new user account
- Accept and Activate account
- Maintain user profile
- Optional : change background USS picture
SAP HANA Administrator Guide
From a process perspective the remote user access the panel of available application from the Hana portal, from the self-service link on the web page the user request to have an account created in order to access the application wanted.
Once the request made, a confirmation email is send to notify the administrator of the system to activate the account if the automatic creation is enable or to create the new account.
At the same time an email is send back to the external to notify him/her that the request has been submitted.
When the administrator has accepted and activated the account, an email is send automatically to the external with his/her credential.
Setup SMTP in Hana
In order to configure my SMTP server I will go on the SMTP configuration application from the cockpit
Setup Self-Service Administrator and Technical user
The User Self-Service tool required to have two specific user to work, an administrator user who manages the self-service requests and access lists must be assigned the role and a technical dedicated user who is used to execute tasks associated with user self-service requests, for example, sending e-mails in response to user requests.
I will start by the administrator user account, this can be done by the studio or the cockpit
And I grant the role sap.hana.xs.selfService.admin.roles::USSAdministrator
Now create i access the USS administration at the following url : http://<myserver>:<port>/sap/hana/xs/selfService/admin.
My administrator created do the technical user by the same proceed and assign the role sap.hana.xs.selfService.user.roles::USSExecutor
Once done I need to assign the selfservice.xssqlcc artifact, in order to proceed I need to go in the artifact administration
Follow the path up to selfService.xssqlcc
Once there go on edit node and provide the user/password create for the purpose and activate
Note : you probably notice that a user was already selected, this user is generated when Hana is installed.
Maintain USS initialization parameters
My two user created and my xs artifact activated, I can now start to maintain and initialize the necessary USS.
To do this i need to be connected as USSADMIN user and select the “INI PARAMETERS”
Several option are available, I’ll turn all of them except “Automatic User Creation” so I can control the activation of the account
Maintain Email Template
My service is now up and running, I can customize the content of the email send during the process of creation, request, activation and forgot password
This can be done by selection “Email Templates” from the left side menu
Once you have change the content of the template, we just need to hit save.
Request new user account
We are ready to make some testing and check our process, do so I’ll access my hana SHINE page where I have made some change in order to make it public accessible for the page presentation.
And when I click on the app I would like to use I can see the introduction of the app
And if I click on continue it is requested for a user/pass, I can now do so by clicking on “request account” and fill up the necessary information
Once submitted, the following message shows
I check my mail box, and I can see the auto reply from my request asked me to verify my email
When I click in the link I can now create my password
Accept and Activate account
My request submitted, a notification is send to my internal lab admin user
I can see now from the admin request cockpit that I have a pending request waiting to be activate or rejected
If I check from the studio, we can see the user create automatically but deactivated because of the option I have chosen earlier
Before to activate the account, I need to provide this new user the necessary role and authorization in order to be able to use the application wanted.
Once done, I activate the account and notify the user
And finally check my user mail box and can see that I have receive my confirmation email for my account activation
So I click on the link and access the application with my new user activated
And I’m in
Maintain user profile
Each user account is associated with a profile, the user who owns the profile must adjust the settings to suit personal preferences.
In order to be able to manage its own preference the following role needs to be provide to the users “sap.hana.xs.formLogin.profile::ProfileOwner”
Once done, the use can manage his/her preference from the link /sap/hana/xs/formLogin/profile/
Optional: change background USS picture
It is possible to customize the background image displayed in the logon Web page, for example, by specifying the URL to the image displayed as background in the logon screen.
To do so, I need to add the following parameter in the xengine.ini under httpserver
The url of the picture if base from my package
So now when I access my default web page and request for a new account I have the following
My configuration is now completed to setup User Self-Service feature.