I just finished another installation of solution manager 7.1 and also completed all the steps in Solman_setup. When I configured Solman_setup first time, I felt difficulties to move with new enhanced steps and also have lots of questions on each and every step about its significance. Of course, each step has the help steps in the allotted block, but I felt it is not enough to understand the purpose of each steps. While configuring Solman_setup next time I decided to drill down each step and trying to identify the back ground of each activity in Solman_setup. It really helped to under the architecture and data flow in the new solution manager 7.1.
Ongoing learning path I faced lots of issues most of them with the authorization of automatic users created by the Solman_setup. We solved some of them with workaround and most of them with the help of SAP.
Through this blog I would like to share the major issues we faced with regards to the automatic users created by Solman_setup and solutions.
User involved in System Preparation:
Below are the lists of users created from the system preparation step
Let’s discuss about the purpose and activities of users created in the system preparation step.
This is the first automatically created user by Solman_setup, more over it is the admin user, other way this user called as Solution manager Administrator. All major roles are assigned automatically by Solman_setup. Basically it is dialog user, but it is also responsible for creating other system, service users in the solman system as well as in the BW Client\system like SMD_RFC, CUA_<SID> ,SOLMAN_BTC.
If BW runs in the same client Solman_Admin user takes care of BW administration activities. In this case this user is responsible for technical content activation in BW client. If the BW runs as separate system or separate client again Solman_Admin user is responsible to create the user SMD_BI_RFC and the RFC connection between solution manager and BW system.
This user also helps in auto implementation of SAP notes prompted in the initial setup.
While creating itself system automatically assigns the needed general roles and profiles to this user. But this user is also responsible for Basic technical configuration in ChARM, Incident management implementation, in those cases we need to manually adjust the roles to these users.
Please refer the SAP note 1560717 – ST 7.0 and 7.1 SP01 and higher: Roles for SOLMAN_SETUP.
Most of the time we never face authorization issue with this user, except password mismatch, user locked. After the system upgrade we need to regularly check and update the authorization of the user.
It is the system user to facilitate the maintenance of the SMD(Solution Manager Diagnostics) server. This is the user helps to register the diagnostic agent to the java stack of the solution manager while installation. All the communication between solman and SMD is done by with this user only, this user should have j2ee administrator roles, and system automatically takes care of the user creation and maintenance.
So if this user is locked, or some one changed the password your SMD will not report to solution manager. You can review the significance of Smd_Admin user in SMD trouble shooting here http://wiki.sdn.sap.com/wiki/display/SM/Troubleshooting+SMD+Agents
In SM 7.1 SP05 SAP reduces the burden of Smd_Admin by introducing the new Non-Authenticated Diagnostics Agents 🙂 , review this new concept here http://wiki.sdn.sap.com/wiki/display/SMSETUP/Non-Authenticated+Diagnostics+Agents
This is the system user which has the whole soul responsibilities of executing all the background job and the bw data extractors for the reporting.System creates the user and maintain authorization automatically.
But in our case few batch job failed with missing auth for the user solman_btc, even one case we were not able to proceed auto notification in alert inbox due to missing auth in Solman_btc.
Hence please review the security guide and also the Note 1690743 – DBA: DBA Cockpit Uses Trusted RFC on Solution Manager
Note 1581460 – SM 7.1: Steps for Auto-notification in Alert Inbox
Other important thing about solman_btc is that if you are going for any scenario specific settings like charm, service desk you need to assign additional roles manually based on the scenario, please view the list of roles in security guide.
This is the web service user used for external web service communication between solman and SMD agents, The purpose of the dedicated web service user was to ease the user tracing and maintaining(Locking,password change), this user is responsible for other activities in basic configuration, and technical monitoring. Hence be aware after changing the user password and auth manually, repeat the affected system prompted steps again.
This is the very interesting user, this is also the web service user used for internal communication between abap and java stack of the solution manager, we received the below unauthorized error when we tried to connect diagnostic agent, this is the UME client issue, due to this SM_INTERN_WS not able to connect the java stack.
Issue resolved by applying the sap Note 1663549 – Unsupported XStream found error
Users involved in Basis configuration:
Below the list of users involved in basic configuration steps
This is the user only used for Remote BW client\system scenario, We used remote BW client, so Solman_admin created this user for BW operations on the remote client . This is the user activates your bw content in the remote client\system with the RFC BI_CLNT_<Client>. System automatically assigns the needed roles. This user also creates the other system users which is responsible for bw related tasks.
Though system automatically assigns the authorization, We faced issue while activation ESR content activation, It was resolved by sap, after applying the sap Note 1710578 – wrong user for ESR BI content activation.
if you use bw client as same production client normally the additional bw roles assigned for the solman_Admin user.
This user created by solman_admin in solution manager system, managed system as well as in the remote bw client\system, It is the read user of the Dialog used in RCA. This user is also the service delivery user for SAP enhancement and service delivery.
This is again the problematic user, This user is created by user SM_BW_ADMIN if you use a remote BW system/client. Major responsibility of the user is to run the Job Extractor Resource Manager Framework. we faced couple of issue with this user.
While doing Solman_setup, basic configuration-> configure automatically -> Enable solution manager usage Error as “ESR: Extractor setup is not successful!”
when I tried to activate manually by executing the Tcode ESR_ACT, it fails with the error as “Activate ESR and SUGEN Scenario ,ESR: BI content data exchange setup is not successful. Extractor setup is not executed”
Finally we raised to SAP, and it was with the auth issue of the user SMD_BI_RFC, issue resolved by assigning additional roles by SAP Note 1391968 – Enterprise Support Report / PSLE Report – BI SelfService
We ends with the other error in BPO setup went with the red flag with the error “System status failed for system”, it was later fixed by the sap Note 1617181 – BPO Dashboard – Update log to wait for ccms_bi job
This is also bw relaed user created by solman_admin, responsible for the job EFWK Resource Manager. Mostly used for communication between abap and java stacks in the RCA scenario, this user is responsible for bw reporting if the bw is running on the same solman productive client,
please review theSAP Note 1684720 – SOLMAN_SETUP: issues in the User UI
All these users shared above are playing very important critical part in solman initial and basic configuration and also the later scenrio specific settings.
I was able to share few auth related problems and solutions here. But there are other users are also there. Hence it is always advisable to review the security guide for any error in solman_Setup ( Though the security guide which around 500 pages).
Hope this could help others give insight about the users issues we faced and solutions.
If you have come accross any other auth related issue faced in solman_setup, please share.