Central User Administration in SAP
Figure 1: CENTRAL USER ADMINISTRATION
Central User Administration best suites an environment where there is
- Complex System Landscape with several clients in different systems (example: ECC, SCM, BI, PI, MDM, SEM, EP)
- Same user works in more than one system (example: User id 1234 in ECC, SCM, BI, PI etc)
- Same user ID should represent the same individual in all the systems (example: User id 1234 belongs XYZ of Finance Dept in Solution manager, ECC, BI, SEM, EP)
- Enormouse efforts required to synchronize user data in all the systems. (example: Assigning a same TCode in all the systems to the same user id)
By implementing Central User Administration we can
- Administer the whole system landscape from one single system
- Overview of overall user data across all the systems
- Additional local maintanence is possible in child systems
The following Data can be distributed in CUA
- User Master Data (example: address, logon data, defaults, parameters)
- Functional Assignment (Profiles, Roles)
- Lock State (lock, unlock)
- Initial Password
The following are the steps that are to be performed to activate the CUA in the system landscape
- Setting up the communication user for ALE
- Define Logical Systems for each client (systems are always refered by logical systems in CUA)
- Assignment of Logical systems to each client
- Define RFC Systems between Central Systems and client systems
- Define ALE Distribution Model
- Switching on Central User Administration
- Define field Attributes
- Migrate Users
Setting up communication user for ALE
Create a user with SU01 in all the systems for ALE communication. The user type is communication user and assign relevant profiles/ roles as per the security policy.
User id in Central System : CUA_sys
User id in client System: CUA_sys_client
Define Logical Systems
Transaction SALE -> Define Logical systems
Transaction SALE -> Assign Logical systems to clients
Figure: Creation and Assigning Logical System
Define RFC Destinations
Transaction SM59 -> create RFC destination from the central system to the client system
Transaction SM59 -> create RFC destination from the client system to the central system
Figure: Creation of RFC connections
Creation of a Distribution Model for CUA
Call transaction SCUA -> and give a name to the distribution model (example CUA) and create.
Figure: Name of the distribution model for CUA
Maintain the System Landscape in the next screen.
Figure: System Landscape maintanence in CUA
Maintenance of the Distribution Model for ALE data transfer
Inorder to exchange data with the created distribution model we need to assign BAPIs to the distribution model.
Two types of data can be exchanged between the systems.
User master data (including profiles and roles)
Go to transaction code BD64 -> and create a distribution model (example CUA)
Select the distribution model (CUA) -> click on ADD BAPI -> enter the sender and receiver systems -> In the object name/interface field, select USER (R3 system user) and in the Method, select CLONE and save the entries
Figure: Assigning BAPIs to the distribution model
Generating Partner Profiles
In transaction BD64 -> select Environment and click on Generate partner profiles -> select the distribution model you have created earlier and select the partner system (logical system of the client system) and click on execute.
Figure: Generating Partner profiles
Migrating User Data to the client systems
Call Transaction SCUG -> select the user and client on transfer users.
To check log for CUA call transaction SCUL