Skip to end of metadata
Go to start of metadata

Purpose 
Delegated user administration enables you to distribute user administration between several administrators so that each administrator is responsible for a particular set of users. For example, you can designate one user administrator for each business area in your company (Ex: Sales, Marketing, Finance, etc). Each user administrator can only create, modify, and delete users in the business area that he or she is responsible for
You configuring the Delegated User Administration in the portal when you have multiple sister companies for one client
Ex: Consider the company by the TEST which is having sister companies Like: SC1, SC2, and SC3.
 Prerequisite
Must have access to the configtool
Procedure
1) Open the configtool
To Start the Configtool execute <drive>\usr\sap\<EP SID>\j2ee\configtool\configtool.bat.
2) In the tree, navigate to Global server configuration ® services ® com.sap.security.core.ume.service.
The list of UME properties appears.

Configure the following UME property as shown below:

ume.tpd.companies= SC1, SC2, SC3 ume.company_groups.enabled=TRUE

ume.tpd.prefix=TEST (i.e. your company Name)

3) Save all the changes and restart the portal server

4) Now Login into portal navigate to user administration-> Identity    

   Management

   In the search criteria select group and in the drop down list you can see three groups by     

   the name

a)      TEST_SC1 (i.e. TEST is your company name and SC1 is your sister company name)

b)      TEST_SC2

c)      TEST_SC3

5) Now create three different user ids for each sister company

            Ex:      a) SC1_USER

                        b) SC2_USER

                        c) SC3_USER

6) Add SC1_USER in TEST_SC1 group, SC2_USER in TEST_SC2, SC3_USER in

   TEST_SC3

7) Assign delegated_user_admin_role to above three user ids

8) Save all changes

9) Now login into portal with SC1_USER and navigate to user   

   Administration -> Identity Management

In the search criteria select user and search for *It will display only one user id i.e. SC1_USER which indicated that SC1_USER is the delegated user administrator whose is responsible to work with user related activities of the users who belong to SC1 sister company only. SC1_USER doesn't have authorization to modify any users from other sister companies. In other words each user administrator (in this case SC1_USER, SC2_USER and SC3_USER) can only create, modify, and delete users in the business area that he or she is responsible for
 
10) You can repeat the same procedure for the rest of user ids    

  • No labels