on 01-06-2009 10:46 PM
Hello,
We are implementing the UME for external users. Each of these companies have branch offices. How to manage the users in each branch office. An Admin can manage more than one branch office. And each branch office must have an Admin (along with specialist, general_content roles).
Can this be realized using the UME groups.
I tried a simple case using delegated user administration, but it doesn't serve the requirement, as it is not at the UME group level.
Thanks
Srinivas
Delegated user admin assumes that a user can either administer 1 company or all companies. 1 person can't administer a specific subset of companies unless thay have a different username for each company to administer...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for your response. Each company has branch offices. So the Administrator can manage users belonging to more than one such branch (belonging to the same company). The branch offices have office numbers associated with their names, For example, CompanyA_branch001, CompanyA_branch002, etc.
And the branch offices each have roles like Admin, Specialist, general_content (corresponding to order status for that particular branch).
Thanks
Srinivas
Hi Michael,
Thank you for your quick response. We are not using LDAP at this point (although, we'll eventually integrate LDAP and UME). For now UME is the data source for these external users.
What we are trying to implement is user administration at the branch office level and not the company level.
CompanyA
> branchOffice1 > branchOffice2 CompanyB |
> branchOffice1
> branchOffice2
Each branchOffice, has an admin role
Each admin role can manage more than one branch office.
Can this be feasible in UME !
Thanks
Srinivas
How about the specialist roles at the branch office level..., the specialist role can view/edit invoices. Its tedious to write multiple webdynpro applications for each such role at the branch office level. (admin, specialist).
Can we not leverage the UME groups (sub groups) to realize this requirement?
Admin roles and specialist roles at the branch office level ( and not at the company level) ?
Thanks
Srinivas
Maybe I'm not understanding. You were asking how to do user administration. In other words how to create new users in a delegated way and give them group membership and do role assignment. Now you are asking about editting and viewing invoices.
A role is just a set of functions that can be executed. It is given to a set of users, normally through group membership. The application that is started has to decide who is allowed to do what. This is normally by authorizations in an ABAP system. How are you writing these applications?
We are trying to implement the UME for external users who are spread out in companies and branch offices under each company.
1. Admin role at the branch office level ( should allow to create/delete/change users at the branch office level)
This is kind of delegated administration, but not at the company level but branch office level.
2. We are trying to also deploy a Java webdynpro, that should only show orders pertaining to that particular branch office.
3. There are specialist roles at the branch office level who are allowed to access/edit invoices pertaining to that particular branch office.
This is on portal side (java stack).
Thanks for your response.
Srinivas
Edited by: srinivas M on Jan 7, 2009 10:59 PM
I think I see some confusion between UME and security.
UME is all about creating users etc and assigning them to groups and roles. As I said, I think you will need to have your own application to do this to allow for creating users in different branches etc. Using the delegated admin tool will be too messy for you as they need to have the Jave instance reatarted every time a new branch is added. Also, brabch is not specific enough for your needs.
Security is about deciding at run time who is allowed to do what. This could be based on things like group membership if it is a pure Java app etc, or using actions. However, most applications started from the portal are based on getting data out of an ABAP based system, which is then relying on ABAP authorisations.
Sreenivas,
As per my understanding you want put the set of yours into a Group.
You can create a group for the userr and and assign or if the number is huge then follow this
System Admin -> system config -> UM Config -> direct Editing -> ume.tpd.companies= company1,company2,company3
Restart the server
Go to user admin create/modify users and select the company from the field "company" where u can seacrh the assigned companies in UME settings (i.e, company1, company2 etc)
Ram
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
98 | |
11 | |
11 | |
10 | |
10 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.