How to Change the UME of a J2EE Engine and SAP Supported Changes

Supported UME changes: local db to ABAP server

ÆSAP release 640 and 700
Login to the Configtool-> switch to the configuration editor mode (click on edit mode) ->configuration -
>cluster_data->server-> cfg> services-> Propertysheet com.sap.security.core.ume.service.

Make sure that the below parameters are set:

ume.persistence.data_source_configuration: dataSourceConfiguration_abap.xml
ume.login.guest_user.uniqueids: J2EE_GUEST
ume.r3.connection.master.client: < Backend client to which the J2ee has to be connected >
ume.r3.connection.master.msghost: <Message server of the R/3 server).
ume.r3.connection.master.r3name: <SID>of the R/3 server.
ume.r3.connection.master.user: SAPJSF (make sure that the SAP_BC_JSF_COMMUNICATION should
be assigned in the backend R/3 and in the right client).
ume.r3.connection.master.passwd: <password of the SAPJSF user>
Make sure that the J2EE_guest user is present only in the ABAP server (not in the local DB) and has the role
SAP_J2EE_GUEST assigned to it.
After this restart the J2EE engine. More information is available at :
http://help.sap.com/saphelp_nw04/helpdata/en/84/10594aecd3e1408845e66c432b955e/frameset.htm

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BA - boc.sap.com | UAC - uac.sap.com
© 2012 SAP AG 11
 How to Change the UME of a J2EE Engine and SAP Supported Changes

ÆSAP release 7.3

The procedure is different on 7.3 servers. Login to the Configtool-> switch to the configuration editor mode
(click on edit mode) ->configurations-> destinations -> RFC -> Propertysheet <Destination Name> and add
the details of the backend server. When you need to change data, only change the JCo properties and never
change the properties that are internal data for the destination service.

It is also possible to change the data from the SAP Netweaver administrator. Navigate to
http://<server>:<port>/nwa -> configuration management -> security ->destinations ->
UMEBackendConnection RFC Destination in "Connection and Transport" tab and set the values here. Hence
if a change of the properties is needed, you can use the online tool, /nwa. However, offline it can be done
only via the Configtool.

Important notes:
1) Editing the properties offline, prevents user management data from becoming inconsistent in a
running system because of changes made to UME properties with the Configtool. You can use user
management configuration to edit properties in most cases (online). Only use the Configtool if you
cannot use an online tool. This procedure requires you to stop the SAP NetWeaver Application
Server (AS) Java. Make sure that you plan for the required downtime while the AS Java restarts.
2) The Security Provider service is one of the core services and if its startup fails, the whole engine will
fail to start as well. At startup, its action depends on several other components as well, the most
important of which are - the UME service (com.sap.security.core.ume.service) and the Userstore
service. The references to them are hard, so if any of them fails to start or is not available, so will the
security service itself.

3) If you are using the Central User Administration (CUA), check the below link:
http://help.sap.com/saphelp_nw04/helpdata/en/49/9dd53f779c4e21e10000000a1550b0/content.htm

4) If you change to "dataSourceConfiguration_abap.xml" as per the above mentioned methods, see

SAP Note 843061 for the changes to the “Administrator” user.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BA - boc.sap.com | UAC - uac.sap.com
© 2012 SAP AG 12