Thanks a lot for sharing this interesting information.

The reason why we would like to use our <b>backend system</b> for <b>role assignment</b> is that on the backend system all information exists that is needed for automatic role assignment.

For example:

- when a new employee is created in the HR module of R/3 a portal role for employee should be created automatically in the portal

- when a budget is attached to a user (in FI), this user should get a role in the portal automatically for budget management.

Does the role assignment and user creation on your LDAP happens manually or do you have a kind of automatic role assignment on your LDAP server?

Best regards,

J. Winkelmans

Dear Krishna,

There are a few solutions for this problem and we are investigating some of them now:

- you can use an LDAP server. Transfer users and the groups to which they belong from the R3 system to LDAP. The groups correspond to the roles the users have. The portal can use the groups on the LDAP server. The portal roles have to be attached to the groups and not to the users.

- we are also thinking about writing a JAVA program that automizes the manual role upload that SAP delivers in the portal. The KM part of the portal contains a scheduler which can be used to schedule the upload of uesr mappings from R3 to the portal.

- you can also make an ABAP web service that is called from a program on the portal to transfer the usermapping. The program makes use of the UME API.

- Or you can make an ABAP program on R3 that calls a JAVA program on the portal that makes use of the UME API to store the user mapping on the portal.

your iview question:

Maybe you can change the default setting for the preferred GUI in the master iview that is used for the creation of the iviews. When you create a new iview the portal creates a delta link based on the master iview., so when you change the master iview all new created iview based on the master iview will have the correct setting immediately.

Best regards,

Johan

Dear Krishna,

You certainly should read the following page in the manual: http://help.sap.com/saphelp_nw04/helpdata/en/49/9dd53f779c4e21e10000000a1550b0/content.htm

It is possible to use the ABAP user management in R3 as the data source for the portal. Roles in R3 will be seen in the portal as groups. So with this solution the user management remains on the R3 system. With stack 9 of the portal there is no restriction on the number of users anymore.

Best regards,

Johan

Except that in the portal case ABAP roles as J2EE groups doesn't work anymore in SP9, as we unfortunately discovered in the current portal project I am involved in.

SAP supports ABAP roles as J2EE groups only on XI and there is the restriction that a portal can't be installed on the same J2EE Engine. If you ask me it was a really poorly documented shutdown of a nice feature. See notes 718383 and 780679 for SAP supported UME configurations.

I can only imagine the amount of dissatisfied customers SAP will have on their hands once live EP 6.0 SP2 customers using the ABAP role integration will upgrade their portal...

We have tried to install the portal SP10 on a J2EE with ABAP roles as J2EE groups and it works very well.

Did you experience any problems? SAP doesn't support this kind of installation but we are using it because it is a solution for our problem. The alternative would be to program something by ourselves, but this solution would also not be supported by SAP.

Well, with pre SR1 the dataSourceConfiguration_r3_roles_db.xml configuration can be chosen on install. In SR1, at least when I did my last installation two weeks ago, it wasn't even possible anymore to choose dataSourceConfiguration_r3_roles_db.xml when installing.

About the project I mentioned in my previous post: I came into the project after the portal had already been installed (SP3) and patched to SP9 with the configuration file dataSourceConfiguration_database_only.xml. Afterwards it wasn't possible to switch to dataSourceConfiguration_r3_roles_db.xml in the portal UM Configuration and forcing the change in the Config Tool didn't work either (portal didn't come up after the change) so we weren't even able to get it running although we wouldn't have gone live with a non SAP supported setup either way.

Now you got me interrested. How were you able to setup a portal with the configuration file dataSourceConfiguration_r3_roles_db.xml? As I mentioned before I didn't even have the "ABAP role" option anymore when I did my last SR1 installation.

We have 2 portal SP10 installation, both make use of the configuration file dataSourceConfiguration_r3_roles_db.xml.

The first one is based on a existing WAS ABAP 6.40 installation. To install the portal on it as an add in installation the JAVA stack has to be installed first. When you choose the J2EE for XI installation the configuration file dataSourceConfiguration_r3_roles_db.xml is used. When you install the portal on this J2EE stack it works fine.

The second installation we have is a portal on a standalone J2EE stack. I have upgraded this installation already several times. In order to have ABAP group support I changed the data source configuration manually. The portal doesn't allow you to switch to the desired configuration, but if you switch it first to 'database only', you can switch it again to 'WAS ABAP user management' after the J2EE engine has restarted.

If you have problems with this configuration when the J2EE is starting up, you have to check that the correct users (J2EE_ADMIN, J2EE_GUEST) and roles (SAP_J2EE_ADMIN and SAP_J2EE_GUEST, SAPJSF) exist on the R/3 system, according to the manual.

But I didn't have any problem after switching the data source.

How did you solve this problem? Did you do some programming yourself to get the ABAP roles as groups in the portal?

Oh, now I understand. With a Add-On installation it is still possible to select "ABAP roles".

It is possible that the portal didn't come back up because of the missing users in the backend, we didn't dig into it any deeper since we had a CSN open and SAP told that even if we were to get the ABAP roles working that configuration wouldn't be supported.

We didn't solve the problem, not entirely anyway. We are using dataSourceConfiguration_r3_rw.xml with manual Role Upload (incl. Role-User Assignments) until we are able to switch to a Active Directory (LDAP) based solution. The R/3 system will still be master but user accounts, group assignments (roles) etc. will be synchronized to the Active Directory using the SAP provided LDAP connector.

I heard yesterday from a reliable source at SAP that SAP will reintroduce the ABAP roles in SP12 so that it will be fully supported also for the portal scenario.

Hello,

it got a little later than SP12 and will be SP13 now.

SAP Note 834518 (once released) will annouce this change (together with some other corrections in the UME/ABAP connectivity).

Kind regards,

Juergen Kremp

Hello Juergen,

Thanks a lot for your update. This is really good news for us!.

Best regards,

Johan