Welcome (back)!
User and authorization administration in the Java stack is a pain in the neck – that’s a fact! The identity management tools are inferior as compared to the ABAP stack, but nevertheless, there are ways to make your life a bit easier…
Mass user maintenance in the UME
When it comes to mass user creation/modification in the Java UME (database only, no ABAP- or LDAP-data source), no tool like SU10 exists and many admins choose the hard way of creating users one by one… but wait… the “Identity Management” screen has an “Import” button:
Standard Format for UME imports
The screen behind that “Import” button provides not much more than a text field, which needs to be populated with user master data in the correct format (btw.: the amount of importable data is limited to 1 MiB).
The import format is documented here, but SAP provides no easy solution to create data in that format.
This is – you probably guessed it – the point, where my solution comes in.
Generally speaking, the “Standard Format” – as SAP calls it – is similar to the format of many .ini files and thus quite simple.
It can be used to create and modify users, groups, and roles — for users, a typical import record looks like this:
[User]
uid=dberlin
password=trustno1
first_name=Daniel
last_name=Berlin
email_address=
role=Administrator;SAP_SLD_ADMINISTRATOR;
Squeeze mass user data into the Standard Format
For this task, I’ve prepared a very simple Excel file for you… download it here:
You can insert the user name, first and last name, password and up to three roles for up to 100 users into column A-G.
The formula in column H generates the expected format from the input data.
When finished, simply mark the cells in column H starting from line 2 (i.e. without the header).
Unfortunately, Excel is a very smart tool 😕 and automagically inserts quotation marks around the copied cells.
You need to remove these quote signs manually from the copied data…
Alternatively, you can also copy the clipboard’s contents into an empty Word document, then copy everything again – that way the quotes are removed, too.
Afterward, paste the data into the text area on the Import screen of the Identity Management; then click “Upload”.
The protocol on the next screen contains information about the import result.
See you then!
Mass delete and mass lock would also be a perfect aid.
Hi Daniel, very interesting proposal you have made. Many thanks.
Hi Daniel,
If i have to change parameter Validity Start Date and End Date for mass user, then what would be the field?
Also if I have to set the value Admin Lock for mass user then what would be the field?
Regards,
Ravi
Hi Ravi,
that’s unformtuately not possible, because these fields are not supported… for a list of valid fields, check this page: https://help.sap.com/saphelp_nw70/helpdata/en/7d/49ae0771924cf4a1fc7e2af7b2e18c/content.htm
Regards, Daniel
Hi Daniel,
is there a way to import the users with the passwords disabled?
Hi Israel, did you try to leave the password field empty?
Hi Daniel,
how do I include an email address column into your script?
Thanks
Vishen
Hi Vishen,
please check this extended version of the Excel.
Best regards,
Daniel