Hi all,
Looking for some advice around "mass updates" of UME security policy for users. First though, some background:
I'm currently running an SAP NW 7.0 SP21 portal, using an LDAP directory + UME as datasources. All of my "normal employee users" (about 130,000) come from the LDAP, while any "test users" that we may have created in various non-production systems are sourced locally from each system UME. (For example, in some systems, we have created upwards of 3000 unique test users for load testing). Essentially, I would like users from each data source to have a separate "default" security policy.
For my LDAP users, I want a more relaxed password policy, allowing the LDAP directory to fully administer the policy for user lockouts & password resets (eg. in UME, set max failed passwords to 0 and auto-unlock time to 0). Said another way, I want it to be impossible for one of my employee users to lock themselves in my UME --- I want LDAP to manage that. On the other hand, for my test users, I'd like a separate policy with a little more rigor.
So, creating the two separate policies is no big deal. This can be done in the Portal under System Administration > System Configuration > UME Configuration > Security Policy, where we can modify the existing Default and Technical User security policies. Additionally, we can add custom policies, which are then visible in the portal UME application when maintaining a single user.
So, now for a few questions:
1) Is it possible to configure different default security policies depending on the Data Source? eg. apply one set of rules for my LDAP users and another for my local UME users? Can this be done by customizing the dataSourceConfiguration.xml?
2) Can security policies be linked to other UME principal objects (like groups)?
3) In the UME, it seems only possible to change the security policy one user at a time. Has SAP delivered any "mass policy maintenance" utility for UME, where this could be changed for a large number of users simultaneously?
4) Let's say that I use the "default" policy for my LDAP users and create a new custom policy for my UME test users. Normally, when I create test users, I use the UME import functionality. However, it does not appear to be possible to set the security policy as part of the import/create process. This means that, if I created 1000 users and needed to change their policy, I would have to do it one at a time (right after I finished slamming my fingers in the door repeatedly). In reading this thread ("Creating Technical Users - Import functionality"), it mentions that it should be possible to programmatically update a user's policy via the UME API. However, when searching through com.sap.security.api (http://help.sap.com/javadocs/NW04S/SPS09/se/com/sap/security/api/package-summary.html), I cannot find any interfaces which expose that attribute of a user.
Has anyone had any luck updating a user's security policy programmatically?
Kind Regards and thanks in advance for any help!
Pete
Edited by: Peter Rauchenstein on Jan 21, 2011 12:32 PM