Ansicht
Dokumentation
RSUSR_DBMS_USERS - DBMS user: Mass processing
General Data in Customer Master BAL_S_LOG - Application Log: Log header dataThis documentation is copyright by SAP AG.
Purpose
To simplify user management of the database management system (DBMS), you can create a connection between the user management of SAP NetWeaver Application Server (SAP NetWeaver AS) ABAP and the DBMS. This program enables mass operations on DBMS users. The program supports the following functions:
- Create and map DBMS users to the corresponding ABAP users
- Remove mappings of DBMS users to the corresponding ABAP users
- Assign DBMS roles to DBMS users
- Remove DBMS roles from DBMS users
- Update specific attributes of DBMS users
- Enable authentication methods for DBMS users
Integration
Prerequisites
- You have customized SAP NetWeaver AS ABAP to use DBMS user management. If the DBMS
tab appears in User Maintenance (transaction
SU01 ) then the customizing has already be done. Otherwise follow the instructions in the documentation on SAP Help Portal (http://help.sap.com/saphelp_nw74/helpdata/en/10/f6a4fe4e44439eb60b237f5f651fa1/frameset.htm).
- You have the required authorizations. This report checks the authorization object S_USER_GRP for the activity 02 for editing and 03 for display.
Features
You can run the program in batch or dialog mode.
In batch mode you enter the options for user and role selection, choose a function and start the report.
In dialog mode you enter the options for user and role selection and choose the Display users function. The program shows a list of the selected users. From this list you can do a line selection and execute the functions that the toolbar offers. The toolbar functions correspond to the functions of the Select Functions area on the Selection screen. By default, the program only shows error messages that result from the execution in the message column. If there is more than one message, the More column contains the number of additional messages. Double-click the message column to display all messages in a separate window. Clear the Show only error messages option to show success messages as well.
To show the detailed role assignment of a single user, double-click the ABAP user ID. The system displays
the user in User Maintenance (transaction
Create and Map DBMS Users to the Corresponding ABAP users
For each selected ABAP user, the function tries to create a DBMS user in the database.
If successful, the system establishes a mapping between both ABAP and DBMS users. If the DBMS user already exists then this user is used for the mapping. The function uses the ABAP user ID for the DBMS user ID by default. You can override the user ID in a custom BAdI implementation. The restrictions on allowable user IDs for the DBMS and ABAP can be different. Use the BAdI to create a valid DBMS user ID for the connected database system.
The name of the BAdI definition is BADI_DBMS_USERNAME_MAPPING. This BAdI belongs to the enhancement spot ENH_DBMS_USERNAME_MAPPING of package SUSR_IDENTITY_DBMS. The interface of the BAdI contains one method, GET_DBMS_USERNAMES, which implements the mapping of ABAP user IDs to DBMS user IDs. The SUSR_SUID_BADI_PIF package interface of package SUSR_MAIN contains the interface. As a fallback implementation, the system performs a one-to-one mapping if there is no implementation available.
SAP delivers the BAdI implementation BADI_DBMS_USERNAME_PREFIX to add the prefix "DBMS_" to the DBMS user IDs. This BAdI implementation is disabled by default.
To generate passwords for DBMS users select the generate passwords option. By default no password is set.
Remove Mapping of DBMS Users from the Corresponding ABAP User
This function removes the mapping between ABAP users and DBMS users. If you remove the mapping, the DBMS user is not deleted by default. To delete the DBMS user set the Remove DBMS users as well option. You cannot change the DBMS user mapped to the ABAP user directly. You must remove the DBMS user assignment before you can assign another DBMS user.
Assigning DBMS Roles to DBMS users
This function tries to assign the selected roles (see Role Selection) to the selected users.
Remove DBMS Roles from DBMS users
This function tries to remove DBMS roles from the selected users.
On SAP HANA, all DBMS users are assigned the
Update Specific Attributes
This function updates attributes of DBMS users, like e-mail, validity period, and external identity from the corresponding attributes of ABAP users. For external identity, the SNC name of the ABAP user is mapped to the Kerberos name and saved as the external identity of DBMS user. By default, existing values of DBMS users are not overwritten by the Update specific attributes function, unless you set the Force Update checkbox.
Enable Authentication Methods
This function activates or deactivates the authentication methods configured for DBMS users when they log on to the underlying DBMS. Methods include password, Kerberos, SAML, X509, logon ticket, and authentication assertion ticket. You must configure the underlying DBMS to support the relevant authentication methods.
Selection
User Selection
You can select users by ABAP user ID, user type, user group assignment, ABAP role assignment, or a combination of these attributes. An additional option exists to display or process only unmapped users.
Role Selection
You can select roles with the selection options or by choosing a user from whom the program copies the role assignments. A combination of both methods is possible. You can fill the DBMS Role field with the Select Role pushbutton.
Function Selection
This area contains the program functions that were explained under Features above.
Standard Variants
Output
The program provides an execution log. In dialog mode, error messages appear directly in the user list as described under Features above.
Activities
Example
BAL Application Log Documentation CPI1466 during Backup
This documentation is copyright by SAP AG.
Length: 7421 Date: 20240520 Time: 110220 sap01-206 ( 150 ms )
