cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

J2EE engine admin vs. portal admin

Go to solution
Former Member

on ‎07-05-2006 10:44 AM

0 Kudos

Hi,

can someone give me a brief discription of the relationship between j2ee users and portal users?

Both use the UME, right? Where does the active UME store initially reside (portal DB? but then, what if you have a j2ee installation without a portal?)?

Are the j2ee engine admin and the portal admin the same? What happens if you switch the active UME store afterwards to a R\3, what happens with the default portal Administrator user, is it replaced by the R\3 Admin?

Regards,

Sebastian

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-05-2006 10:52 AM
0 Kudos

Hi Sebastian,

the UME is a part of the J2EE engine and every application running on the J2EE has access to the UME - SAP applications always use the UME.

So - every user in the UME is a portal user so to say... But without assigning portal roles to a user the user can't do anything inside the portal.

The UME store is the J2EE DB (where the portal objects are stored also). It can also be the ABAP stack, so the UME connects to the ABAP user store but still has some (internal) users in its own DB.

The J2EE admin has portal super_admin rights - it is the same user.

If you switch the UME store to ABAP aferwards, all the role assignments etc will be gone! SAP does not recommend to change the UME store but right after the installation.

Hth,

Michael

Show replies
Show replies

Answers (3)

Answers (3)

Former Member
‎07-05-2006 1:27 PM
0 Kudos

Thanks for your comments Micheal, have a nice day

Show replies
Show replies
Former Member
‎07-05-2006 1:02 PM
0 Kudos

All right, got it. One last comment as the term "R\3 admin" is probably misleading the way I was using it; could you please confirm:

1) The j2ee admin is the user with the userid "Administrator" - one cannot (should not?) change this userid. He has certain implicit rights regarding the administration of the j2ee engine (e.g. he may connect to the engine via Visual Admin or SDM).

2) A "R\3 admin" is a user with certain comprehensive rights, typically SAP_ALL. After switching the active UME store to a R\3 these users appear as users in the j2ee engine (thus the portal appliction), but they have no role assignments or any implicit rights (that would possibly make them j2ee admins) whatsoever.

Regards,

Sebastian

Show replies
Show replies
Former Member
‎07-05-2006 1:11 PM
0 Kudos

> 1) The j2ee admin is the user with the userid

> "Administrator" - one cannot (should not?) change

> this userid. He has certain implicit rights regarding

> the administration of the j2ee engine (e.g. he may

> connect to the engine via Visual Admin or SDM).

It may also be called "j2ee_admin" depending on the NetWeaver release you have...

> 2) A "R\3 admin" is a user with certain comprehensive

> rights, typically SAP_ALL. After switching the active

> UME store to a R\3 these users appear as users in the

> j2ee engine (thus the portal appliction), but they

> have no role assignments or any implicit rights (that

> would possibly make them j2ee admins) whatsoever.

100% right!

ABAP rights like SAP_ALL have nothing to do with J2EE rights and vice verca. Only the users are shared between J2EE and ABAP - but not the rights. You can assign certain ABAP users the J2EE admin rights, but you don't have to...

Michael

Former Member
‎07-05-2006 11:50 AM
0 Kudos

Thanks for your clarifications Michael,

some additional question

On admin logon to the portal it checks the password against the admin's password stored in the UME, right? Any other external application like a SDM running somewhere connects as admin to the engine which verifies against the admin's password stored in the so-called secure storage, right? So both should better be in sync, or is there any scenario in which different values could make sense?

What happens with the R\3 admin after switching the active UME store to R\3, does he become the j2ee admin as well? Does my comment above regarding the secure store still hold if the R\3 (alias j2ee-) admin's password is now stored in the R\3 (to which the UME then points to)?

Regards,

Sebastian

Show replies
Show replies
Former Member
‎07-05-2006 11:55 AM
0 Kudos

> On admin logon to the portal it checks the password

> against the admin's password stored in the UME,

> right? Any other external application like a SDM

> running somewhere connects as admin to the engine

> which verifies against the admin's password stored in

> the so-called secure storage, right? So both should

> better be in sync, or is there any scenario in which

> different values could make sense?

As far as I see it - synced anytime or you will be in trouble

> What happens with the R\3 admin after switching the

> active UME store to R\3, does he become the j2ee

> admin as well? Does my comment above regarding the

> secure store still hold if the R\3 (alias j2ee-)

> admin's password is now stored in the R\3 (to which

> the UME then points to)?

The J2EE admin is still stored in the UME DB and not in ABAP. So there will be no change in that... If you mean SAP* or DDIC when talking about R/3 admin - no, they are only admins for ABAP even if you connect the UME to ABAP.

kr,

Michael

Ask a Question