How to store different users in different datastores (UME/AD)

evgeny_turovsky
Participant
0 Kudos

Hello everyone!

There is a challenge for SAP NetWeaver AS Java UME:

According to note 2051697 - Security Policy Enhancements, there are two attributes: SERVICEUSER_ATTRIBUTE, which has the value IS_SERVICEUSER, and SecurityPolicy, which can have different values: technical (for the Technical User security policy), default, internal or custom (for example, Admins, if I created a custom security policy with the same name "Admins").

So, I want to store Technical users, Internal users and users with the security policy Admins in the UME database, but business users with, for example, the Users security policy, in the Active Directory data source.

For service users there is the attribute SERVICEUSER_ATTRIBUTE, which is defined in the data source file as:

<homeFor>
  <principals>
    <principal type="account">
      <nameSpace name="$serviceUser$">
        <attribute name="SERVICEUSER_ATTRIBUTE">
          <values>
            <value>IS_SERVICEUSER</value>
          </values>
        </attribute>
      </nameSpace>
    </principal>
    <principal type="user">
      <nameSpace name="$serviceUser$">
        <attribute name="SERVICEUSER_ATTRIBUTE">
          <values>
            <value>IS_SERVICEUSER</value>
          </values>
        </attribute>
      </nameSpace>
    </principal>
    <principal type="team"/>
    <principal type="ROOT"/>
    <principal type="OOOO"/>
  </principals>
</homeFor>

for PRIVATE_DATASOURCE (UME database), and the same in a <notHomeFor> tag for the CORP_LDAP data source.

I tried to implement the same description with a SecurityPolicy attribute with the value "technical" (see note 2051697), but after restarting the application server I can't create users with the security policy "Technical user" anymore. I get an error: "No data source feels responsible for principal. Please check the data source configuration!".

How should I split storage for different user types (in my situation: business users and all other users (Technical, Internal, Administrators...))?
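An added example, not part of the original post and not SAP code: a small check that lists every entry one data source excludes in `<notHomeFor>` without any other data source claiming it in `<homeFor>`, the kind of gap that leaves a principal with no home. The `<dataSources>` wrapper layout, the `PLACEHOLDER_NS` namespace and the sample file are assumptions constructed for illustration, and the comparison covers explicit entries only; it does not reproduce how UME itself resolves responsibility.

```python
import xml.etree.ElementTree as ET

# Constructed sample: data source ids and the SERVICEUSER_ATTRIBUTE entry come
# from the question; the <dataSources> wrapper and PLACEHOLDER_NS are assumptions.
def _entry(ptype, ns, attr, val):
    return (f'<principal type="{ptype}"><nameSpace name="{ns}">'
            f'<attribute name="{attr}"><values><value>{val}</value></values>'
            f'</attribute></nameSpace></principal>')

SVC = ("$serviceUser$", "SERVICEUSER_ATTRIBUTE", "IS_SERVICEUSER")
POL = ("PLACEHOLDER_NS", "SecurityPolicy", "technical")
SAMPLE = f"""<dataSources>
  <dataSource id="PRIVATE_DATASOURCE"><homeFor><principals>
    {_entry("account", *SVC)}{_entry("user", *SVC)}{_entry("account", *POL)}
  </principals></homeFor></dataSource>
  <dataSource id="CORP_LDAP"><notHomeFor><principals>
    {_entry("account", *SVC)}{_entry("user", *SVC)}
    {_entry("account", *POL)}{_entry("user", *POL)}
  </principals></notHomeFor></dataSource>
</dataSources>"""


def rules(ds, section):
    """Return {(principal type, namespace, attribute, value)} listed in one section."""
    found = set()
    for p in ds.findall(f"./{section}/principals/principal"):
        for ns in p.findall("nameSpace"):
            for attr in ns.findall("attribute"):
                for val in attr.findall("./values/value"):
                    found.add((p.get("type"), ns.get("name"),
                               attr.get("name"), (val.text or "").strip()))
    return found


def unclaimed(xml_text):
    """Entries excluded by a <notHomeFor> that no other data source's <homeFor> claims."""
    sources = ET.fromstring(xml_text).findall("dataSource")
    gaps = []
    for ds in sources:
        claimed = set()
        for other in sources:
            if other is not ds:
                claimed |= rules(other, "homeFor")
        for rule in sorted(rules(ds, "notHomeFor") - claimed):
            gaps.append((ds.get("id"), rule))
    return gaps


if __name__ == "__main__":
    for ds_id, rule in unclaimed(SAMPLE):
        print(f"{ds_id} excludes {rule}, but no other data source claims it")
```

On the constructed sample it reports the `user` entry for SecurityPolicy, which CORP_LDAP excludes while PRIVATE_DATASOURCE claims the attribute for `account` only.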

Accepted Solutions (0)

Answers (2)

evgeny_turovsky
Participant
0 Kudos

The consistency check tool did not reveal any problems, and the recommendations of note 673824 - LDAP Recommendations for UME are also fulfilled. It seems to me that there is some technical problem or an undocumented feature of the UME. I asked SAP support a question. I'm waiting for an answer, but this is now the third day of silence.

0 Kudos

Hi,

Did you get a response from SAP support on your issue?
I have the same requirement.

I notice that the SecurityPolicy attribute is only applicable to the "account" principal and not the "user" principal.
So I suspect that splitting the user storage target by the SecurityPolicy attribute is not going to be possible.

Thanks.
Darryl

oppancs
Contributor
0 Kudos

Dear Evgeny,


Please see the data source configuration in the online help:


https://help.sap.com/doc/saphelp_dm40/4.0/en-US/7e/a2d475e5384335a2b1b2d80e1a3a20/frameset.htm

The following help describes that it is allowed to use multiple datasources:

https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/5b/5d2706ebc04e4d98036f2e1dcfd47d/frameset.h...

See:

The UME can be configured to read and write user-related data from and to multiple data sources, such as Lightweight Directory Access Protocol (LDAP) directories, the system database of SAP NetWeaver AS for Java, and user management of SAP NetWeaver Application Server for ABAP.


Additionally, please check whether you comply with the prerequisites according to SAP Note: 673824 - LDAP Recommendations for UME


In case you think you fit all of the prerequisites, check for possible issues with the UME consistency check tool as per SAP Note: 1016283 - UME Consistency Check Tool


Best practice can be to search in the consistency check tool traces for this "Technical user" which is problematic.


Regards,
Barnabás Paksi