AS Java Default Security Policy Profiles

Posted by — December 21, 2011 in SAP SECURITY Leave a reply

SAP NetWeaver Application Server (AS) Java delivers default security policy profiles. The security policy profiles are used to distinguish normal dialog users from technical users used to access a specific service or conduct system-to-system communication. It determines, for example, if the password of a user can expire or if it must be changed after the initial log on.

The security policy also determines if the user can log on or not. You can only modify the Default profile and any custom profiles you create.

Default

• Used for regular generic users. The profile can be displayed and modified.
• Can be used to log on to the AS Java
• Normal password rules apply, for example the user’s password can expire or the password must be changed after initial logon
• Created by administrators, during self-registration, or read from external user management engine (UME) data sources. The administrator and guest users are created automatically during installation.
• UME maps Dialog users from the AS ABAP data source to this type
• Standard users, Administrator and Guest.

Technical User

• Used for system-to-system communication. The profile can be displayed, but not modified.
• Can be used to log on to the AS Java
• Password does not expire
• Some created automatically (SAPJSF), some by the user administrator
• UME maps System users from the AS ABAP data source to this type
• Standard users, SAPJSF and ADSuser. Although SAPJSF is a standard technical user, you cannot log on to the AS Java with it for security reasons.

Internal Service User

• Used to perform internal operations, for example PCD ACL operations for a portal. The profile cannot be displayed or modified.
• Cannot be used to log on
• Usually do not have passwords
• Normally created automatically
• Users exist only in the Java database, does not map to other data sources
• Type cannot be changed
• Standard users, pcd_service, config_fwk_service, ume_service

Unknown

• Not a profile, but a category for AS ABAP user types that cannot be mapped to one of the UME listed above.
• UME maps AS ABAP users of type Communication, Service, and Reference to this profile
• Password rules of the back-end AS ABAP and ability to log on apply according to the AS ABAP user type

You May Also Like

RSAGRDIST_SETUP: Role Distribution

SAML2: Format ’emailAddress’ is not supported for user assignment

Internal error – NUMBER_GET_NEXT call error (SU01)

SNCCONFIG: Displaying the SNC Configuration for Application Server ABAP

Leave a Reply?