Skip to Content
avatar image
Former Member

User Management Strategy

Hi everyone,

I would like to discuss with you about User Management Strategy for multi-site MII implementations. What is the best architecture for the UME instances when you have MII users both on the corporate level and the shop floor level?

Consider we don't have a central MII server.



Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Jul 28, 2010 at 06:59 PM

    User management can cause some difficulties, mixing disconnected operation support with distributed MII servers, but wanting to use LDAP from corporate. We all have used the term 'when SAP is unavailable' but what about 'when LDAP in unavailable' - the application may be buffered but the user logins would cause the issue.

    Aside from having some form of federated/replicated LDAP I think the only option would be some essential backup local users in UME. I would imagine this would have been encountered with Enterprise Portal, or any other NW java apps in the past, but the potential for a distributed NW server (plant or region based) may be a bit different. The configuration of a solution would be done inside UME, but the best practices in this regard are what you're probably after.

    I hope that some customers with more clear strategies in this area can share their insight in this thread.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 04, 2010 at 10:58 PM

    We use LDAP groups that correspond to respective Netweaver permissions for different sites. I don't know how the LDAP is replicated across different sites, but we generally don't have problems with it. E.g. You have a:

    <Site1 group> in LDAP which has the MII User privileges and role for that site

    <Site2 group>

    <All sites group> in LDAP

    <Developer all sites group> in LDAP for Dev servers

    I think the System Administrator of each site is just part of a Netweaver group at that site, but I'm not 100% sure. I don't think we bothered to make a LDAP group per site that only has 1-2 people in the group.

    Hope this help.


    Add comment
    10|10000 characters needed characters exceeded