Additional Blogs by Members
cancel
Showing results for 
Search instead for 
Did you mean: 
Former Member
What is the easy and simple way of activating Central User Administration (CUA)via SCUA?

Customers that have implemented the Central User Administration in lower releases have had to read and skim through cookbooks and adhere to the different set-up procedures of the ALE landscape used to propagate the user data and input methods like UserClone in transaction WE20 (managing partner profiles), bearing in mind upper and lower cases for the different methods.

There is good news for you. The setup of CUA is now extremely simple and easy. All you have to do to activate the CUA, regardless of whether you want to set up a complete new CUA just add a new client to the CUA, is activate the CUA via transaction SCUA. So, no more fumbling in ALE configurations and partner profile management is needed!

The process, in short, is as follows:

1. Log on to the new child system and create a communication user for the CUA. Assign this user a customer copy of the following two roles: SAP_BC_USR_CUA_CLIENT, SAP_BC_USR_CUA_SETUP_CLIENT. The latter can be removed from the communication user after CUA activation.

2. Create the RFC connection(s) between central system and client.

3. Create a new logical system for the CUA client

4. Assign the logical system to a client

5. Go into transaction SCUA, enter the logical system and save. This will generate the ALE distribution model including partner profiles.

6. If you configure a CUA newly from scratch you have to customize the field distribution in transaction SCUM.

7. Migrate new users into your CUA central using transaction SCUG.

Let's look at the details and do it. The CUA landscape we start with is as follows: We have a central system in client 100 on a Web Application Server stand-alone called TT1. We have two child systems in client 200 and 300. Now, we want to add client 400. So, how do we start? Create the communication user on client 400.

So, we log on to client 400 and create the communication user via transaction SU01.

This user has also been assigned the roles Z_SAP_BC_USR_CUA_CLIENT and Z_SAP_BC_USR_CUA_SETUP_CLIENT, which are custom copies of the pre-delivered SAP roles.

Now we have to create the RFC connection. To do this, we log onto the central system client 100 in system TT1 and go into transaction SM59.

We maintain the technical settings for the RFC connection.

And we maintain the communication user in this RFC connection.

What is the next step? To create a logical system for the new client 400. This is done in transaction SALE on the central system. Navigate to the menu path for logical systems and click on Define Logical System.

On the next screen enter a new value for TT1CLNT400 and save.

Then, go back with the green arrow and double-click on Assign Logical System to Client. On the next screen double-click on client 400.

Assign the logical system TT1CLNT400 to client 400.

Please note that the setup of the CUA landscape in our example spares us the burden of creating an RFC connection from the new daughter system client 400 back to the CUA central client 100, because we are in ONE system only, namely the TT1.

What is left to do? Well, all you have to do now is go into transaction SCUA, add the new child system TT1CLNT400 there, and click on save. Let us do it.

After you have saved your entries, you will see the following logs.

So, activities you formerly had to do yourself like creation and generation of the ALE partner model and input of methods in the ALE model are now done AUTOMATICALLY for you.

If you have not configured it yet, you can now maintain the field distribution in transaction SCUM. This transaction allows you to configure on a field level where you want to allow fields of the user master record to be maintained. Optionally you can just take the SAP defaults. So there is nothing to configure in transaction SCUM. The defaults will be distributed when you activate the CUA with transaction SCUA.

Then, you can migrate the users from child system 400 into the central system 100 using transaction SCUG.

For more information on CUA and how to implement it please take a look here: SAP Security Homepage" -> Security in Detail -> Identity Management -> Centralized Administration -> Cookbook: Central User Administration (Web AS ABAP 6.20 or higher release)

Hopefully, this weblog has shown how easy it has become to implement CUA. The crucial transaction SCUA has been powerfully enhanced, so that you are spared the burden of a lot of manual configuration. I hope you enjoy implementing CUA.

26 Comments