User Access Management(UAM) in SAP

What are the various options to perform UAM for SAP solutions from an external application? For example can we create Users, groups, assign roles etc within SAP?
1) Is webservice an option? If so, is it RESTful or SOAP based?
2) Is an RFC call available?
3) Can we use any other mechanism such as a BAPI wrapped with our own custom module exposed as an RFC?

I have looked at your screeenshots, and not too concerned with the MSMP settings yet as we are trying to first fix your Generation job
I would enable the admin review in your setting to just see if all the necessary data is being generated, i.e. in case there are blank role owners for some roles, this could be causing an issue.
As for your criteria selection, ensure no blank fields were left in the selection made.
I would have a read of the following WIKI and see if any of the points mentioned are applicable. The first mistake made by many is to not perform the sync jobs in the correct order.
Troubleshooting UAR Request Generation - Governance, Risk and Compliance - SCN Wiki
From my memory, I know for SOD reviews "offline risk analysis" had to be enabled, but unsure if this is also necessary for UAR.
Also refer to the following general wiki User Access Review(UAR) Workflow Configuration and Description - Governance, Risk and Compliance - SCN Wiki

Similar Messages

Integrate external identity management solution in SAP GRC Access Control

We need to integrate an external identity management solution into SAP GRC Access Enforcer. Some white paper mention extensibility is provided by web services. It seems that none of these web services are documented. Does anybody have infos about these services and documentation. Any hint is appreciated.
thanks
Detlef

Unfortunately Access Enforcer doesn't implement a number of critical requirements and implementing it "as is" would be a lot of steps backwards in our process.
what do the published webservices do? Is there any documentation about them?
In a part of our process, we must manually pick the current roles(1), the pending roles(2) (roles that were approved but not given due to training prerequisites) and the requested new roles(3) and make the simulation in the VCC.
The information (1) and (2) and (3) we have in our internal system, the information (1) we have inside VCC and (2) and(3) must be manually inputted by the operator to run the simulations. Since this operation is repeated 6000+ times a month in my company, eliminating this manual input will cause a great gain in efficiency.
Other thing that we want to do is to create a job where it would automatically desassociate the mitigating controls if the user does not have the risks anymore (users can lose roles automatically in some events here, so it would be coherent that the user also loses the associated mitigating controls)
IMHO as a former programmer, these are classic cases where I would like to consume some webservices for this tasks to avoid a lot of ctrc ctrlv from the operators (inefficient and error prone)
VCC has any documentation that would help me to find how I would do this integrations?
Thanks in advance

JES Access Manager User Creation for Messanger

Hi Everyone
I installed JES 2005 Q4 on Solaris 10 x86 with schema 2 and Access Manager 7. The Directory Tree is as follows:
Sol1.nucleussoftware.com:389
dc=nucleussoftware,dc=com (34 acis)
DSAME Users
Internet
People
Groups
Client Data
services
nucleussoftware.com
People
Groups
o=Netscape Root (3 acis)
cn=Schema (6 acis)
cn=monitor (5 acis)
cn=config (4 acis)
Organization DN when I ran "configutil" after running comm_dssetup.pl, was specified o=nucleussoftware,dc=nucleussoftware,dc=com
This is fresh installation and not any migration.
Now I create user from Access Manager, http://sol1.nucleussoftware.com/amserver
There are two organizations 1. Nucleussoftware and 2. Nucleussoftware->nucleussoftware.com
So I have two locations to create users in People.
When I create user from Access Manager and try to login into WebMail, I get Login Failed.
But when I open "startconsole" or "mpsconsole" and open Messaging Server Console and in new user's property, Account Attribute, I mark the check box, and now try to login into WebMail, I get error message, "Mailbox is on a different server".
I am missing one attribute that I used to get with schema 1 on iPlanet 5.2 for any user, Mail Server Address.
Please tell me the exact method of creating a user for Messaging.
Regards
Amit Bist

Access Manager was never intended to create working mail users. The Delegated Admin package is provided as part of JES, and that's what it is for, to manage users and groups. There's both a web interface, and a command-line interface, "commadmin"
Or, you can examine the ldap entries for the automatically created accounts, and duplicate that. Messaging doesn't really care how the ldap entries get done, just so that they are done correctly.

Access current user's manager name in the console application ( through Client object model)

Hi Guys,
Is there any way to retrieve current logged-in user's Manager name in the console application.
As I don't have access to the server where SharePoint 2010 is installed so I wanted to access through client object model.
arun singh

Unfortunately, you can't use CSOM to do this in SharePoint 2010 (you can in SharePoint 2013!), but you CAN use the User Profile Service .asmx web service to accomplish this. You need to call the
GetUserProfileByName method exposed
in the http://<yourServerName>/_vti_bin/UserProfileService.asmx web service. Pass in the user name for the current user and Manager will be one of the properties that is returned.
Here is a link to a blog post with example code.
Please mark my reply as helpful (the up arrow) if it was useful to you and please mark it an answer (the check box) if it answered your question! Thank you!
Danny Jessee | MCPD - SharePoint Developer 2010 | MCTS - SharePoint 2010, Configuring
Blog: http://dannyjessee.com/blog | Twitter: @dannyjessee

VZ access manager is already running in another user's session

Help! My parents currently use an USB Modem - I think the 551 L - for their internet access. They have been receiving the following message:
VZ access manager is already running in another user's session
They do not have a wireless router installed.
Help please!

VZAccess can only connect one user/session at a time. Either your parents did not properly shutdown VZA the last time they used it or the USB Modem is not hanging up its previous connection.
The easiest thing to do would be to reinstall VZA on that computer and see if the problem goes away. Ask your parents to disconnect the Modem before logging off or shutting down the computer to reduce the chance of the problem coming back.

Public users accessing SAP Netweaver Portal

Hi,
We are developing custom web application to be put into SAP Netweaver Portal because we want SAP Netweaver Portal to be our companywide standard platform for web-based application. These web application will be accessed by public users. How this affects SAP Netweaver Portal licensing because public users will access our SAP Netweaver Portal? Thank you.
Rgds,
Hapizorr Rozi Alias

Hi,
I am actually not sure about the general practice here. Since NetWeaver is a single license and it include external facing portal I would almost believe it is included.
I know there are some license rules with Oracle on public internet sites, might be that this is affected to.
But, check with you SAP sales contact.

SAP RFC & Access Manager & SSO

Hello,
I need to design an SSO solution in an heterogenous architecture. I think about Sun Access Manager (AM) and its Policy Agents (PA). There are some SAP (ABAP based) systems, which are communicate using SAP Remote Function Call (RFC) protocol. There's no way how to turn it to different protocol.
One of the customer's requests is to authenticate SAP systems together using SSO.
And my question is: Is it possible to install PA in that environment and SSO the RFC protocol? If yes, how to pass through SAP systems original SSO token?
Thanks a lot.
Pat

Hello,
I need to design an SSO solution in an heterogenous architecture. I think about Sun Access Manager (AM) and its Policy Agents (PA). There are some SAP (ABAP based) systems, which are communicate using SAP Remote Function Call (RFC) protocol. There's no way how to turn it to different protocol.
One of the customer's requests is to authenticate SAP systems together using SSO.
And my question is: Is it possible to install PA in that environment and SSO the RFC protocol? If yes, how to pass through SAP systems original SSO token?
Thanks a lot.
Pat

Problems Managing User Access Rights for Web Gallery

Has anyone else had issues changing the user access rights for a web gallery? It seems like the access is everyone or no one. Are the user rights handled per event in the gallery? I had issues adding events to the user's view/download rights in the publish settings.
Also, can these settings only be set when an event is first published? Attempting to change the user access rights after the event is published seems to require a re-upload of the images.
Any thoughts?

Problem solved.
I had to put the following lines in the specified "0000_any_80.my.website.conf" file:
        <Directory "/Library/WebServer/subdomain.domain">
                Options All +MultiViews -ExecCGI -Indexes -Includes
                AllowOverride None
                # For Password protection
                AuthType Digest
                AuthName "Password Protection"
                require valid-user
                <IfModule mod_dav.c>
                        DAV Off
                </IfModule>
        </Directory>

GRC AC 10: Emergency Access Management, Logon button is disabled (GRAC_SPM)

Hello Gurus,
I have configured Emergency Access Management in GRC AC 10.
GRC Box (SID) : GR1 client 100
Backend ERP system : D24 client 100
The FIREFIGHTER in GRC system : FFUSER1
Z_SAP_GRAC_SUPERUSER_MGMTUSER
Z_SAP_GRC_FN_BASE
Z_SAP_GRC_NWBC
In the Backend ERP system the FIREFIGHTER ID: ABC wants to access the FIREFIGHTER(FFUSER1)
Hence in NWBC (Setup >Superuser Assignment>Firefighter ID) the assignment is done.
ABC(FIREFIGHTER ID) <--->FFUSER1(FIREFIGHTER)
Now the User login the GRC system using FFUSER1 assigned following roles
Z_SAP_GRAC_SUPERUSER_MGMTUSER
Z_SAP_GRC_FN_BASE
Z_SAP_GRC_NWBC
Z_SAP_GRAC_SPM_FFID
and runs Transaction: GRAC_SPM
and he is able to see that ABC is assigned .
Now the user clicks on "Logon" and the status changes from green to "RED".
A new SAP screen opens asking credintials for Backend ERP system D24 client 100
The User enters his own Id : ABC and password and logs in.
Runs the necessary transactions and logs out using transaction: /nex
The session in GRC is still running and now the "LOGON button" is disabled , he comes out of that screen too.
When the user tries to login again using FFUSER1 to do more task , the "LOGON Button" is seen disabled.
and clicking the "unlock" button also doesn;t help.
When checked in SM04, no live session is reflected .
How can we "enable" the LOGON button in the transaction : GRAC_SPM for the same FIREFIGHTER (FFUSER1) assigned for Firefighter ID (ABC) ??
As it is now not possible to click "LOGON" button and the status is "RED".
Please let me know your opinion .
Thank You.
Regards,
Premjit

Thanks to All

Configuration of User Access Review process

Hi,
I'm new to the forum.
I´m looking at the User Access Review process in CUP.
I would like implement the User Access Review request. So, my question is:
1. Where take GRC the data to make the analysis? I need to know the exactly place where data are collected (which table, transaction code or statistical data)
In case that GRC use the backend tables, I should be aware of time that tables are operational in the system, correct?
2. Otherwise, how affects this analysis the performance in backend system?
3. I have read that it is possible obtain reports with use of Action Usage. The report that I mention is: RAR --> Informer --> Security Reports --> Miscellaneous --> Action Usage by User
Where does it gets information from? Could be data in the same place that use User Access Review process?
4. Is it possible to introduce another actors in the Reviewers (In Configuration Tab, User Review > Options > User Review pane)? Now, the reviewers configured are Manager or Role Owner.
5. To set User Access Reviews, I need some additional technical or is an automatic procedure?
If there is any requirements that I should be taken into account please, let me know.
Thanks in advance
Marta

Hi,
I have found this document that answers all my questions: www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/b05010a3-ed45-2c10-79b2-96df60a6bf2b
So, now I have another question:
The GRC Access Control that I have, ERM is not configured and there is no communication with it; (only RAR and CUP are configured). So, I would like to know if it´s possible configured User Access Review apart from ERM.
To realize the Role Usage Synchronization job in ERM, the transaction usage information from RAR alert data is needed. The job also obtains role to user assignments and role content information from the back-end systems. Access Control then translates the transaction usage information into role usage.
If this information could be extracted from the backend tables, I am looking for an alternative to way to load data in the system, regardless ERM. Is it possible?
Thanks in advance
Marta

Access BAPIs Using the SAP Java Resource Adapter

Hi experts,
Can someone tell me how to Access BAPIs Using the SAP Java Resource Adapter?

hi Shweta,
Please refer the step by step procedure:
1. Start the deploy tool of the SAP J2EE Application Server with the DeployTool.bat in the directory //<SAP J2EE Engine Installation Directory/.../j2ee/deploying.
2. Choose Project → New Project and enter a name for the new project.
3. Click on the Deployer tab.
4. From the menu path, choose Deploy → EAR → Load Module and select the sapjra.rar file.
5. For the newly created node sapjra.rar, choose Server Settings → Identity Subjects and select Caller Impersonation as authentication type, so that the J2EE user data is used to log on to the ABAP system.
6. Make sure that the J2EE Application Server is running. Connect to the J2EE Application Server with Deploy → Connect.
7. Deploy the sapjra.rar using the menu Deploy → Deployment → Deploy Module.
8. Enter SAPJRADemo as application name and start the application.
9. Close the deploy tool.
10. Start the Visual Administrator again.
11. Select the Cluster tab and switch to <Server Node> → Services → Connector Container.
12. Click on the Runtime tab and choose sap.com/SAPJRADemo → eis/SAPJRADemoFactory.
13. Choose Managed Connection Factory → Properties. On this page, you need to specify the logon data for the ABAP system. There is already some dummy data visible in the property list if no real system data has been specified so far.
14. To change the value of a property, select the property in the list, change the value underneath it, and add the changes using the Add button. At the end, do not forget to save all changes by pressing the button Save Changes. The user configured for the SAP JRA must be the user authorized to read metadata of function modules.

BPC authentication via Tivoli Access Manager

Hello experts,
I'm now investigating BPC authentication mechanism with third vendor authentication software.
Is it possible to login to BPC v7.5 MS version via Tivoli Access Manager with 'Reverse Proxy' ?
And can BPC get a login-user information as a http-header from Tivoli Access Manager at this time ?
If the above situation is possible, can BPC utilize BO enterprise authentication with Tivoli Access Manager ?
Best regards,
Tatsuo Oba

SAP BOPC can use Reverse Proxy.
I'm not sure how you want to use Tivoli Access Manager with SAP BOPC?
It is very interesting to know also the reason you woudl like to use SAP BOPC in this way.
It can be a very nice case study.
BPC can not get information like an HTTP header and something like that it will be unsafe from security point of view.
Regarding your question:
BPC to utilize CMS authentication with Tivoli Access Manager
I think you have to provide more information? Why do I need Tivoli Access Manager to access BPC or to do authentication to CMS.
I have to mention I don't know how it is working Tivoli Access Manager and because of that I'm asking you to provide more information.
Regards
Sorin Radulescu

Punchout - How to post login params to Tivoli Access Manager?

I am trying to help a customer access our parts ordering system. He is using SAP and wants to use the OCI Punchout feature. (Warning: I am a complete and utter SAP novice)
Our application servers are protected by Tivoli Access Manager and users currently login to our application by entering their user/pwd info in a form. This customer wants to store this login info in SAP and perform the login automatically as well as posting other parameters, such as HOOK_URL etc., to our parts ordering application.
I have been struggling with this for a few days now but without success. Can anyone offer some pointers here? Has anyone done something similar?
Thanks
Paul

Thanks for your reply Masa,
as I mentioned in my post, I am an SAP novice. I am assuming that the user, password and hook url are stored somewhere in SAP for use in the punchout.
The problem I see is this: how to login with TAM and send the hook url to my application. It seems to me to be 2 separate actions.
Paul

Can not configure Access Manager

Hi all,
1. I istalled Sun java messaging server 6.
2. I edit amsamplesilent to prepare amsamplesilent.my:
# cd /opt/SUNWam/bin
#mv amsamplesilent amsamplesilent.my
3. I configure Access Manager:
#./amconfig -s amsamplesilent.my but get the following error:
# ./amconfig amsamplesilent.my
Usage: amconfig -s <silentinputfile>
./amconfig: Sourcing ./amutils
ln: cannot create /opt/SUNWam/lib/jaxrpc-spi.jar: File exists
chown: jaxrpc-spi.jar: No such file or directory
full install
./amdsconfig: Sourcing ./amutils
LD_LIBRARY_PATH is --- /usr/lib/mps/secv1:/usr/lib/mps/secv1:/usr/lib/mps/secv1:/opt/SUNWam/lib:/opt/SUNWam/ldaplib/ldapsdk
CLASSPATH is --- /opt/SUNWam/locale:/etc/opt/SUNWam/config:/opt/SUNWam/lib:/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/ldapjdk.jar:/usr/share/lib/mps/secv1/jss3.jar:/opt/SUNWam/lib/am_sdk.jar
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
sleep 3
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
sleep 4
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
sleep 5
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
sleep 6
ERROR : Loading of Access Manager schema into the Directory failed
Starting the tag swapping of the install.ldif and installExisting.ldif
ROOT_SUFFIX is dc=iplanet,dc=com
People_NM_ROOT_SUFFIX is People_dc=iplanet_dc=com
SERVER_HOST sample.red.iplanet.com
DIRECTORY_SERVER sample.red.iplanet.com
DIRECTORY_PORT 389
USER_NAMING_ATTR uid
ORG_NAMING_ATTR o
CONSOLE_DEPLOY_URI /amconsole
ORG_OBJECT_CLASS sunismanagedorganization
RS_RDN iplanet
USER_OBJECT_CLASS inetorgperson
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
sleep 3
ERROR : Configuring/Loading of the default DIT in the Directory Server failed
ldap_simple_bind: Can't connect to the LDAP server - No route to host
ldap_simple_bind: Can't connect to the LDAP server - No route to host
sleep 3
Warning : Plugins and Indexes already exist.
./amsvcconfig: Sourcing ./amutils
LD_LIBRARY_PATH is --- /usr/lib/mps/secv1:/usr/lib/mps/secv1:/usr/lib/mps/secv1:/opt/SUNWam/lib:/opt/SUNWam/ldaplib/ldapsdk
CLASSPATH is --- /opt/SUNWam/locale:/etc/opt/SUNWam/config:/opt/SUNWam/lib:/opt/SUNWam/lib/am_services.jar:/opt/SUNWam/lib/ldapjdk.jar:/usr/share/lib/mps/secv1/jss3.jar:/opt/SUNWam/lib/am_sdk.jar
ldap_simple_bind: Can't connect to the LDAP server - No route to host
Loading service schema XML files ...
Info 112: Entering ldapAuthenticate method!
Error 15: Cannot authenticate user.
LDAP authentication failed.
Error 9: Operation failed: Error 15: Cannot authenticate user.
Error occured while loading: /etc/opt/SUNWam/config/ums/ums.xml
./amws61config: Sourcing ./amutils
/opt/SUNWam/console.war: No such file or directory
current web app is applications
copying files from sunwamconsdk
Swapping tag swap in index.html files ...
Making amconsole.war
Successfully done making warfile ...
Deploying from /opt/SUNWam/web-src/applications (/opt/SUNWam/amconsole.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/applications for /amconsole
wdeploy deploy -u /amconsole -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/applications /opt/SUNWam/amconsole.war
[wdeploy] The war file name is /opt/SUNWam/amconsole.war
[wdeploy] Fatal error in parsing XML file ..Premature end of file.
[wdeploy] (-1, -1) in file null
[wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
Failed deploying /amconsole
/opt/SUNWam/services.war: No such file or directory
current web app is services
Swapping tag swap in index.html files ...
Making amserver.war
Successfully done making warfile ...
Deploying from /opt/SUNWam/web-src/services (/opt/SUNWam/amserver.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/services for /amserver
wdeploy deploy -u /amserver -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/services /opt/SUNWam/amserver.war
[wdeploy] The war file name is /opt/SUNWam/amserver.war
[wdeploy] Fatal error in parsing XML file ..Premature end of file.
[wdeploy] (-1, -1) in file null
[wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
Failed deploying /amserver
/opt/SUNWam/password.war: No such file or directory
current web app is password
Swapping tag swap in index.html files ...
Making ampassword.war
Successfully done making warfile ...
Deploying from /opt/SUNWam/web-src/password (/opt/SUNWam/ampassword.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/password for /ampassword
wdeploy deploy -u /ampassword -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/password /opt/SUNWam/ampassword.war
[wdeploy] The war file name is /opt/SUNWam/ampassword.war
[wdeploy] Fatal error in parsing XML file ..Premature end of file.
[wdeploy] (-1, -1) in file null
[wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
Failed deploying /ampassword
/opt/SUNWam/introduction.war: No such file or directory
current web app is common
Swapping tag swap in index.html files ...
Making amcommon.war
Successfully done making warfile ...
Deploying from /opt/SUNWam/web-src/common (/opt/SUNWam/amcommon.war) to /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/common for /amcommon
wdeploy deploy -u /amcommon -i https-sample.red.iplanet.com -v https-sample.red.iplanet.com -d /opt/SUNWwbsvr/https-sample.red.iplanet.com/is-web-apps/common /opt/SUNWam/amcommon.war
[wdeploy] The war file name is /opt/SUNWam/amcommon.war
[wdeploy] Fatal error in parsing XML file ..Premature end of file.
[wdeploy] (-1, -1) in file null
[wdeploy] Error encountered while parsing /opt/SUNWwbsvr/https-sample.red.iplanet.com/config/server.xml
Failed deploying /amcommon
Checking if Web Server is already configed with Access Manager
Configuring Web Server
Mime type: 'type=text/vnd.wap.wml' already exists: Skipping ....
Mime type: 'type=image/vnd.wap.wbmp' already exists: Skipping ....
I tried again but I still get this error.
Any Ideas for this problem?
Thanks.

ldap_simple_bind: Can't connect to the LDAP server - No route to host
i would consider this a fatal error.
The system cannot locate where your Directory Server is. "no route to host" means that it's trying to get to the host, but your networking isn't set up correctly, and it doesn't find any route to get to the specified host.

Can not login access manager

mail server version is JES messaging Server 6 2005Q4 :
My Access Manager:http://hostname:8080/amserver
last week, i login access manager, under the web label or configuration label�F
in "ldap" item�Ci add new dc=xx,dc=xx,dc=xx�C
then save configuration.
but after that i can not login access manager.
when i user admin login,it print:"
Authentication failed".
what should i do to restore access manage?
thanks!

javatoall wrote:
Hi,
I login Access Manager, access sample "realm" -> Authentication->
Advance Properties -> User profiles and then I choiced "Dynamic with user Alias".
Then I only configure JDBC authentication with mysql database that I don't used ldapservice.
When I created a one new user in MySQL, I can login into web application that i security as "sample.war" successfull but new user don't right access resource that i protected before.
When i login access manager with amdmin user, I can not find user that i has been created it in MySQL database. t
When the users are created through the dynamic profile, the default cn/sn are set to "default" , after creation you need to login to amconsole as amadmin and change/add proper values for these attributes.
Alternatively you can set the protected resource's policy subject to Authenticated users. This will work but not sure will meet your requirement
>
When i login access manager console with new user, it login successful, and view Profile of new user that I has been created.
Can you tell me How to manage new user that I has been new in MySQL by Access manager console ?
I want to configure access proteced resourse for that user. How to configure that ?
read above use the authenticated users subject
Thank for every help.
VinhND.

User Access Management(UAM) in SAP

Similar Messages

Maybe you are looking for