− The most common method of authentication in the SAP system is by using the user name and password to login. User IDs to login are created by SAP Administrator. To provide a secure authentication mechanism via the user name and password, there is a need to define password policies that don’t allow the users to set an easily predicted password.

 

SAP provides various default parameters that you should set to define password policies - password length, password complexity, default password change, etc.

 

 

User Management Tools in SAP system − SAP NetWeaver system provides various user management tools that can be used to effectively manage users in your environment. They provide a very strong authentication method for both types of NetWeaver Application servers - Java and ABAP.

 

Following are the most common User Management tools −

 

User Management for ABAP Application Server (Transaction Code: SU01)

You can use the user management Transaction Code SU01 to maintain the users in your ABAP-based Application Servers.

 

 

SAP NetWeaver Identity Management

You can use SAP NetWeaver Identity Management for user management as well as for managing roles and role assignments in your SAP environment.

 

 

PFCG Roles

You can use profile generator PFCG to create roles and assign authorizations to the users in ABAP-based systems.

 

Transaction Code − PFCG

 

 

Central User Administration (CUA)

You can use CUA to maintain the users for multiple ABAP-based systems. You can also sync it with your directory servers. Using this tool, you can manage all the user master record centrally from one client of the system.

 

Transaction Code − SCUA and create distribution model.

 

 

User Management Engine (UME)

You can use UME roles to control user authorization in the system. An administrator can use actions, which represent the smallest entity of UME role that a user can use to build access rights.

 

You can open the UME administration console using SAP NetWeaver Administrator option.