User Management Engine (UME) 
The user management engine (UME) offers a comprehensive API to manage user, roles, groups and the associates access control lists (ACLs). The implementation is based on the Portal Content Directory (PCD) and inherits some of its characteristics.
The UME API works with persisted data and the data has to be consistent on different portal nodes. This makes calls to the UME API rather complex. Performance often depends on the structure that is used to represent the data and is also affected by the cluster-communication to synchronize the collaborating nodes.
Checking for Existence of UME Entities
Currently the UME API has no method to check if a user, role or a group is known in the system. The straightforward workaround to get the corresponding IUser, IRole or IGroup object cannot be recommended because this will also load the associated attributes.
Recommended code to search for a user:
| boolean existsUserByUniqueName(final String uname) throws UMException { |
The code also works for roles and groups simply by replacing the searchUsers() method to searchGroup() or searchRole().
User-Role Assignment
The internal representation of the assignment between users and groups has a significant influence on the performance of the UME. User and role are in a bidirectional relationship and can be associated in two directions. Due to the internal data management of the UME, links from the role to the user (add user to role) are handled faster when multiple users have to be processed.
Example of a not recommended implementation:
| UMFactory rf = UMFactory.getRoleFactory(); |
Improve performance and save memory with this approach:
| UMFactory rf = UMFactory.getRoleFactory(); |
See SAP Note 746682 (Performance problems when assigning roles/groups via UME API).
User-Group Assignment
User group assignment is similar to user-role assignment.
See SAP Note 746682.
Note: Original: http://help.sap.com/saphelp_em70/helpdata/en/7d/003c41325fa831e10000000a1550b0/content.htm