Attribute to lock Portal UME user

Hi SAP Expert,
Does anyone know the attribute for locking UME user id in Portal Batch Import?
I am trying to use 'Portal batch import' to mass lock portal users, that is by importing a batch file with corresponding uid. I search up and down and couldn't find the attribute that responsible for the lock status in portal.
Have anyone experience a similar issue and know where to look for the lock attribute label?
Thanks in advance.

Jim,
It sounds like you already have a text list of  users, who have left the company and the list is too long to easily search for each individual user and lock them.
One thing you could do is the following:
1. Create a group called temporary.
2. Add this group to all the users as follows:
[user]
uid=john.doe
last_name=doe
group=temporary
If your SAP NetWeaver system is 7.0 or earlier, this removes all other group assignments from these users! If you have SAP NetWeaver 7.1, you can use the following syntax:
group=+temporary
. This add the gorup assignment without removing the others.
3. Start identity management and display all users who are members of this group.
4. From the Table selection menu, choose Select All.
5. Choose Lock.
6. Enter the reason for the lock.
7. Choose Lock.
This seems to be a rather roundabout way to achieve your goal. Unless you are talking about thousands of users, it still might be easier to lock each user by hand:
1. Start identity management.
2. Copy the user name into the search field.
3. Search.
4. Select.
5. Lock.
Repetitive, but not nearly as destructive.
SAP NetWeaver Identity Management offers additional functions, enabling you to trigger the locking of users automatically and removing all authorizations, say if your HR system changed the users status. But it does not sound like you have that option right now.
-Michael

Similar Messages

  • Sync User Locks from LDAP(Microsoft AD) to Portal UME

    Hi All,
    Currently we have our Portal UME connected to LDAP (Microsoft AD) as our data source. I can bring up all Active Directory users in Portal, however the users that are locked and disabled in Active directory are still active in portal. To be more clear the expiration date of a userid in AD does not sync with Portal UME account expiration date. Is there a way to bring in the expiration value in to portal?
    Regards,
    Junaid

    Config tool may not have expiry date as mapping in Additional LDAP prop tab, you may need to look for configuration file where you can map the logical attribute to the LDAP.
    Licensing impact depends on your contract with SAP.
    However you can check portal users with USMM at the end of URL.
    E.g.
    remove 'irj/portal' from your initial portal link and add 'usmm'

  • Custom user attribute from ABAP to Portal UME

    Hi All,
    We have choose the ABAP as the data source for portal UME. We have a custom user attribute in the abap. Now i want to bring that custom user attribute from abap to custom user attribute in the UME.
    Any help will be rewarded.
    Thanks
    Sarang.

    Any resolution to this issue?

  • How to access custom ume user attributes via VC?

    Hi guys,
    I configured a custom user attribute within the ume configuration:
    <a href="http://help.sap.com/saphelp_nw2004s/helpdata/de/44/0316d50bbe025ce10000000a1553f7/frameset.htm">Adding Custom Attributes to the User Profile</a>
    Now, how can I access this attribute within my VC model (user data)?
    Thanks for your ideas
    Benny

    Hi,
    Regarding adding properties to user data control, i have the following information. But i am not sure, whether it will be helpful to you.
    You can add a personalise property/User mapping property into a user data control.
    Drag a User data component, go to configure and click the + sign at the bottom of User parameters.
    You can add any personalised properties to the user data (with valid data types and allowed values). Then can use the property in any formula.
    When iView is opened in portal, the personalise property of that particular iView is used to change the property value
    Hope it helps.
    Regards,
    Sooraj

  • UME User Attribute

    Hi All,
    I want to use a standard UME user attribute which should allows multiple values.  Is there any standard UME attribute allows multiple values.
    I need this functionality to create a Virtual Group.  I have followed the [Help Link|http://help.sap.com/saphelp_nw70/helpdata/en/43/fcfa2942ed7067e10000000a1553f6/content.htm].  to create Virtual Group based on UME department attribute.  Department attribute is not supporting multiple values. 
    I want to achieve this is in Standard Configuration of Portal.
    Can anyone help me or list me the Standard UME attribute which supports multiple values. 
    Thanks in Advance.
    Regards
    Venkatesh. K

    Hi Venkatesh,
    I did a quick search of the online help and found this...
    The user attributes do not support multiple values by default, but if you mapped an attribute to an LDAP attribute with multiple values, you could read for a user the attribute department, which has the values Marketing and Distribution. This user would then belong to both virtual groups Marketing and Distribution.
    It is in the documentation for [configuring virtual groups|http://help.sap.com/saphelp_nwce10/Helpdata/EN/43/fcfa2942ed7067e10000000a1553f6/frameset.htm].
    So it all depends on your data source.
    -Michael

  • LDAP user details not showing in Portal UME

    We have implemented kerberos single sign on using the kerberos xml datasource file and have the corporate LDAP as our UME source.
    However certain user details that are maintained in LDAP (such as department, street etc) are not being pulled through to the portal UME.
    We know the connection to the LDAP is OK as we can create new users and they appear in portal UME - its just that it seems to be missing several user attributes.
    Is this related to the settings in the xml file?
    And if so, what needs changing??
    thanks
    Simon.

    Hi Simon,
    all the attributes that are available in your LDAP can be made available in the UME via the dataSourceConfiguration. The default files does not include every attribute since these may vary from directory to directory. Please take a look at http://help.sap.com/saphelp_nw70/helpdata/en/b7/14d43f2dd44821e10000000a1550b0/frameset.htm
    and especially at: http://help.sap.com/saphelp_nw70/helpdata/en/44/7d188751626fb5e10000000a155369/content.htm and http://help.sap.com/saphelp_nw70/helpdata/en/1a/2bee408a63732ae10000000a155106/frameset.htm
    Hope this helps,
    Holger.

  • Portal UME in ABAP asking user mapping???

    Hi all,
    I've decided to configure portal UME beeing the ABAP UME in backend system. I Can create users in portal and SU01 and i can logon in both systems with the same user. Now i've a system to connect the MSS/ESS iviews and portal asks me for user credentials in R/3, why ? It is the same user !! Have I to configure anything more?
    Thanks for replys,
    Best Regards,
    Pedro Rodrigues.

    Hi Pedro,
    To my knowledge ESS/MSS iViews are connecting ICM server on ABAP side and, thus, BSP iViews (at least, some of them). To avoid requests for user credentials from ICM server you need to configure SSo between your J2EE (where Portal is installed) and ABAP systems.
    Here is the link that might be helpful for you:
    http://help.sap.com/saphelp_erp2005/helpdata/en/89/6eb8e7af2f11d5993700508b6b8b11/frameset.htm
    Also you can search in the SDN Weblogs for steps on how to configure SSO.
    Regards,
    Mike

  • How to get Portal Login user ID and Groups using UME API in JSPDynpages

    Hi Experts,
    How can I get the portal logged user ID and bsed on that ID need to get his assigend groups.
    For this Initially I need to get the logged user ID using UME API.
    Can you drop the code to write and display using JSP Dynpages?
    Thanks
    Venkat.

    Hi,
    Try the below code
    IUserFactory userfact=UMFactory.getUserFactory();
    IUser user=userfact.getUserByUniqueName(request.getUser().getUserId());
    String usrid=user.getUniqueName();
    And also you can get the groups assigned to user by using the below code
    Iterator groups = user.getParentGroups(true);
    while (groups.hasNext()) {
         String groupstr = (String) groups.next();
         IGroup g = UMFactory.getGroupFactory().getGroup(groupstr);
         response.write("Group name "g.getUniqueName()"<br>");
    Regards
    Suresh

  • Portal UME data store and various options (Opinions needed!)

    We are currently exploring our options with connecting the portal (UME) to various data sources for user authentication. Per EP 101, we all know that yes, we can authenticate against (1) the portal db (2) the portal DB + an SAP system and (3) the portal db + a LDAP directory. Now, of course, in most cases, #3 is the standard option. But now, we want to explore another option.....what if we set up synchronization with the LDAP directoy (ie. http://help.sap.com/saphelp_nw04/helpdata/en/95/49cb3a663bfc70e10000000a114084/frameset.htm). For example, our process is such that now, within SAP R/3, a "new hire" is created and then this triggers the creation of their userid/password in the external LDAP directory as well. Is it possible to then have synchronization set up so that the LDAP directory will then synchronize with the portal db and create the user in the portal db itself? (the example given in the help file seems to suggest this but does not provide any detail). Then the portal could authenticate users against it's own db? (ie. no need to make a "trip" to the LDAP directory). Soooooo first off, is this possible and if so, how? Second, what are the pros/cons of this approach versus the standard option of simply using the LDAP directory for authentication and storing only portal specific attributes in the portal's own db? Lastly any "gotchas" to be aware of (ie such as "yes this works fine for NDS but no way will it work for MS-AD" haha)?
    oh...and one more...take the LDAP directory out of the picture for a moment...is it possible to "synchronize" directly from an SAP system (such as 4.6d or ECC5.0) directly with the portal db (as well as other SAP componenet systems)? (*this one is more out of curiousity than anything...past experience with CUA. haha)
    thanks BIG TIME in advance!
    Chris

    Chris I can answer the second part of your question only, sorry!
    It is possible to automatically sync users directly from a sap system, I currently do this for relase 4.7, so it should work ECC5 on onwards (you would think). As for 4.6c/d? I just posted a new thread asking that very question, hopefully someone helps!
    with NW04 portal and about SP13 or better you get a new UME connection option - dataSourceConfiguration_abap.xml, picking this automates the link between ABAP and portal users & roles.
    Any user created in 4.7 automatically appears in portal plus (this is the good bit) dataSourceConfiguration_abap.xml makes all ABAP security roles appear as portal groups. You then simply assign one of these replicated groups to your portal roles, so a user assignment to a role in ABAP seamlessly becomes assigned to a portal role, giving you portal use managment without having to go near the portal system.
    So it's not really like CUA at all, just a mechanism that automatically replicates all ABAP users & roles into the portal in a useable form
    hope that helps a little
    danny

  • NetWeaver UME user database

    Hello Experts,
    For SAP Sourcing 7.0, In a scenario the Buy Side and Sell side users need to be authenticated against NW UME data base. So while configuring the Directory settings the driver is set to NW UME. (for both internal and external users). And attributes (NAME, F.NAME, L.NAME and EMAIL) are mapped with NW UME (Users will be createdpushed to NW  in SAP Sourcing and UME). Along with this "bypass_error_block" property is set to "TRUE". When a new user is created in SAP Sourcing 7.0, The same user is created in the NW UME sucessfully.
    But while accessing to the URL few errors were noticed;
    1) For the first time, When tried to open buyside URL; SAP Netweaver log on page is displayed asking for the user credentials and when the user credentials are provided it takes to the SAP Sourcing page. BUT Is it that when we configure with NW UME, the users need to access through Netweaver log on page (or they will access the SAP Sourcing page)
    2) For the second time, When tried to access the system portal(fssystem) on the same explorer, the SAP Sourcing log on page is displayed. And system ID log in happened successfully.
    3) Now if the same buy side URL(fsbuyer) is opened on the same explorer then SAP Sourcing log on page is displayed (not the SAP NetWeaver) asking for user credentials and when user credentials are provided it throws an error "Entry Doesn't exist".
    (NOTE:- It was verified that the URL for point 1 and point 3 are one and the same)
    4) In order to get back to the NetWeaver log on page to access the SAP Sourcing system, we need to close all the explorers and reopen the buyside portal.
    More over; For the Enterprise log in, one interesting property was found; when we try to log in for the first time it throws an error " Entry doesn't exist". But from second time onwards it successfully allows for log in.
    Is there anyone who is facing similar type of error. Or is there any other settings need to be done for cluster and directory configuration?
    Your help would be really appreciated.
    Thanks
    Jagamohan

    This tool looks interesting, and might be useful to Rao, but it would need some improvements to make it secure. I suggest using cryptographically secured session between the domain controller and the SAP system so that password changes can be send to SAP, and then captured by an RFC function module, and written into SAP user store. Since RFCs in SAP can be secured using SNC, and AD uses Kerberos, it would be good/easy to use Kerberos to secure the session between the DC and SAP ABAP when passing the password over the network. Then, the J2EE engine can be configured to use ABAP as the user store via UME. The end result is that Active Directory can be used to authenticate to SAP, and if AD is not available, or wide area network is not available the ABAP/UME password can be used locally.
    One issue worth considering, is what happens when there is no network connection from the domain controller to the SAP system ? The software would have to queue the request so that when network connection is back, the password change is pushed to SAP system, and then the two password stores will be in sync at all times. Without this queuing system there is a chance the password will get out of sync.
    Obviously, a lot of work to do in order to make this work, especially if you want it to work securely and reliably. However, it has some possibilities.
    Take care,
    Tim

  • IdM 7.2 UI - link between UME "User ID" and MSKEYVALUE

    Hello together,
    if we provide somebody access to the user interface of the IdM the user has no permissions/can not see any tab in the Portal UI.
    The user has the necessary UME actions/role in the portal and the corresponding identity has the nescessary MX_PRIV* privileges in IdM.
    We are using generated MSKEYVALUEs in our IdM landscape which are not the user IDs of the employees. Therefore UME "User ID" and IdM "MSKEYVALUE" are not the same.
    Example:
    My user ID in the portal: micfra
    My MSKEYVALUE in the IdM: 0123456
    But there is another Z attribute which contains my user ID.
    If I Change my MSKEYVALUE temporary to "micfra" everything is working fine.
    Is there any possibility to configure the IdM so that another attribute will be used to link both systems? How can I provide user Access to UI when MSKEYVALUE do not contains user ID of portal?
    Thanks and best wishes
    Michael

    Hi Michael,
    I've always had MSKEYVALUE and my UME ID match when using UME as the back end.  It's just easier and provides a known, common link between my systems.
    However it seems if you wish to use another value, you can change this by going to your Identity Store, General Tab, and change the value of Unique ID.
    Hope this helps,
    Matt

  • How to enable create user option in portal under user administration?

    Hi,
    In Portal, in user administration tab, always the create user and Copy to  New user option is disabled, how can i enable those?
    -Siva

    If the AS ABAP is your datasource for your users there is NO WAY you can create users in the portal UME.
    &#9679;     If the UME has read-only access, you cannot modify user attributes stored in the ABAP system, like first name and last name. You can modify attributes stored in the UME database, like street. Even if read-only access is assigned, users can still change their own passwords.
    &#9679;     If the UME has read-write access, you can create users using the tools of the J2EE Engine. Users created in this way are stored as users in the ABAP system. Extended user data that cannot be stored in the standard ABAP user record is stored in the database of the UME.
    in the read/write access the users are created only in the ABAP side and not the java. If you have the read access you cannot create users in the abap side. hence you need the SAP_BC_JSF_COMMUNICATION role to create users in the AS ABAP.....
    Trust me .......bottomline ....you cannot create users in the JAVA UME if you have AS ABAP as your datasource !!!!
    hope this helps..
    \m/

  • CUA as data source for portal UME

    Hi all
    We want to use the CUA system as the data source for our EP6's UME.
    Obviously our end users do not login to the CUA system and therefore have no password to this system. It doesn't seem rational to provide them a password to this system, but then again which password will they use?
    I'm guessing that this is the case for most of the SAP customers.
    Does this mean that we can't use the CUA as the UME data source?
    If any of you use the CUA as the UME, we'd be very glad to hear your solution to this situation (we can't use one of the child systems as the UME).
    Thanks,
    Yeti

    Hi Yeti,
    My remarks below will not answer your question but it will help you with some decision on your UME data source.
    As far as I know, most Portal use LDAP as their main UME datasource. This is largely due to the fact that LDAP contains ALL the users that are "employee" of the company. As for CUA, it does not contain ALL your users which could pose a problem for you when you want to execute certain Portal functions (or management approval flows) which require users who does not exist in your CUA (but exist in LDAP).
    3 presentations which I think its good to have a look and share with....
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d5f57332-0a01-0010-12ab-dd472e87b8e6
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/c477de90-0201-0010-35ab-ddac4448ba9f
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/706065c4-3564-2a10-2382-a52fcbd7eefb
    But there are also setup that uses CUA as their UME. I have linked some of the past threads who use CUA as their UME. I hope they can shine some light to your question. You can do a search here in the forum with "CUA UME portal" and you will also find posts that can help answer your question.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/706d054d-da24-2b10-f18a-fc82faf6468e
    Solution Manager as a  source for Portal UME
    Multiple SAP Systems as UME
    EP
    Something to think about if you consider SSO with CUA as UME.
    how to sso between portal and abap
    Something more interesting to read about:
    LDAP connection from ABAP to Portal
    The above are base on my experience and the Portal setup which I have done for the company. But maybe there are better suggestions from other Portal guys,Experts,Gurus out here who will contribute to answer your question. 
    Hope that helps.
    Ray

  • How configure SAP IDM as EP Portal UME?

    Hi,
    I'm doing a proof of concept on the identity management 7.1
    I have established a LDAP connection using the Virtual Directory Server with another machine that contains an Active Directory, in this active directory I created users and groups that thanks to LDAP connection can be seen from the Virtual Directory Server.
    Also I have on another machine EP Portal 7.02, I got to integrate into the Portal 7.02 Identity management tab, but this is not the functionality we want to achieve.
    I want to get IDM to function as EP Portal 7.02 UME, is this possible? You have any idea how this could be done?
    Regards

    Not sure if I've understood correctly as English is not my 1st language, but..
    1) Set up a VDS service that exposes IdM data over a LDAP interface. In VDS go to "New / SAP Netweaver 7.x / Idm VDS UME 7x.xml" finish the wizard and verify the settings, set the configuration as windows service and start it, test the connectivity with LDAP browser.
    2) Once the connectivity exists and you're happy with the results, configure the Portal UME to use this datasource.

  • Activity reports showing only UME users

    Hi,
    Activity reports showing only the status of UME users. It is not showing the status of the users coming from LDAP.
    Will there be any additional settings needed for this. Can anyone give me the step by step full details of the activity reports cofiguration settings.
    Raghu

    Hi Raghu,
    What kind of report are you talking about?
    General information for How the Portal Activity Report Works :
    http://help.sap.com/saphelp_nw70/helpdata/EN/b5/c652070d474533a18a930112a4b926/frameset.htm
    Viewing Activity Reporting Status :
    http://help.sap.com/saphelp_nw70/helpdata/EN/08/242f423d09f750e10000000a155106/frameset.htm
    Regards
    Victoria Gur
    SAP IBD

Maybe you are looking for