Why do we need CUA ?
CUA or central use administration is actually configured to save the money and resource to manage large and similar user exist in many system in the landscape .This tool help us to manage all the user master record centrally from on client of the system .
Complex system landscapes.
Manual Maintenance of user information in all the available systems.
Tedious Administrative task
Complex administrative job may lead to Security problems
Manual Maintenance of user information in all the available systems.
Tedious Administrative task
Complex administrative job may lead to Security problems
Benefits of Central User Administration
•Once you configure CUA users can only be created or deleted in the central system.
•User attributes can be maintained only locally, only centrally, or both centrally and locally
•Therefore, the required roles and authorizations must exist in active form in all child systems.
•As a result each user only has to be administered once centrally which gives the administration a much clearer overview of all users and authorizations.
Steps by Step Process :Few Points
- We need a SAP Landscape/single system with multiple clients
- The administrator should have access to SAP and tcodes SU01, BD54, BD64, SCC4, SCUA, SCUM, SM59
- We do need to create Create system users in central system and child systems
- Create RFC connections between systems
- Create logical system
- Assign logical system to corresponding clients
- Create model view
- Add BAPI to model view
- Generate partner profiles and distribute model view
- Create CUA and distribution model
- Maintain parameters between central and child systems
Preperation:
First we would be needing 2 client of system's for the configuration .
For example I am hereby taking a system EC3 with 2 client : 400 (Central client ) ; 410 (Child System )
1.) Create system user :
These system users required for RFC configuration between two clients.These RFC are being required to transfer the data here. We do need to create following in the respective clients with the below defined roles :
Client 1: 400 User ,this is a central system : CUA_EC400
Client 2: 410 User,this is a child system : CUA_EC410
Above are the usernames created in client 400 and 410 respectively with below roles.
User CUA_EC400 with below roles(roles in the central system)
SAP_BC_USR_CUA_CENTRAL
SAP_BC_USR_CUA_CENTRAL_BDIST
SAP_BC_USR_CUA_CENTRAL_EXTERN
User CUA_EC410with below roles( roles in the child system)
SAP_BC_USR_CUA_CLIENT
SAP_BC_USR_CUA_SETUP_CLIENT
2.)Create RFC connections between system:
1.Go to SM59 tcode and select ABAP connections
2.Click "Create" button or press F8
3.Enter the RFC connection name(ie.EC3CLNT400&EC3CLNt410) and choose connection type as 3 which means ABAP connecions
4.Enter the description of the RFC like "RFC connection for CUA" and save
5.Now Enter the Target Host as system name(Computer name) of the EC3 system or enter the IP address of the system and system number of EC3(like 00)
6.All the above settings must be carried out on "Technical Settings" tab
7.Next go to "Logon & Security" tab
8.Enter the Client number of the target client EC3system i.e.
9.Also enter the username and password which is created in EC3 target client in initial stage
10.Language is optional and similarly Unicode option in Unicode tab
11.You can select "Unicode" option if target system is Unicode system or leave it
12.Now save the settings and you will be prompted "Connection will be used for Remote logon"
13.Click "OK" and Click "Connection Test" or Ctrl+F3
2.Click "Create" button or press F8
3.Enter the RFC connection name(ie.EC3CLNT400&EC3CLNt410) and choose connection type as 3 which means ABAP connecions
4.Enter the description of the RFC like "RFC connection for CUA" and save
5.Now Enter the Target Host as system name(Computer name) of the EC3 system or enter the IP address of the system and system number of EC3(like 00)
6.All the above settings must be carried out on "Technical Settings" tab
7.Next go to "Logon & Security" tab
8.Enter the Client number of the target client EC3system i.e.
9.Also enter the username and password which is created in EC3 target client in initial stage
10.Language is optional and similarly Unicode option in Unicode tab
11.You can select "Unicode" option if target system is Unicode system or leave it
12.Now save the settings and you will be prompted "Connection will be used for Remote logon"
13.Click "OK" and Click "Connection Test" or Ctrl+F3
3.)Create logical system:
You need to create logical system for each client/ system and make sure it shouldn’t defer from RFC connections respectively
Go to BD54 tcode and setup logical systems.
4.)Assign logical system to corresponding clients:
Go to tcode SCC4 and assign the logical systems to each client/system respectively
5.)Create model view:
this steps need to be done in the Central system .
- Login to the central client of the system
- Go to transaction BD64 amd click on chage button .
3. click create model view button and enter the model view
4. Enter a short description and technical name as shown in the below and hit ok button
6.)Add BAPI to model view:
Select the model view and click “Add BAPI”.
You need to enter model view, sender/client, receiver/server object name/interface and method.As said initially I used 400 client as sender/central system and 410 client as receiver/child systems
Enter the “object name and Method” as per above figure and click ok button
7.)Generate partner profiles and distribute Model View:
We are done with model view creation and BAPI.Now we need to generate partner profiles go to Environment and click generate partner profiles
You will get a message saying partner profiles are generated newly if your generating 1st time or you will get a system message like below figure.
Come back to the BD64 screen and select the model view and go to Edit ModelView --> select Distribute.This will distribute your model view to child systems and you will get message like below
So now we are done with model view creation and distribution.
Installation :
8.)Create CUA and distribution model:
Go to tcode SCUA and create distribution model.Enter the model view name which is created in BD64 earlier and click create button as shown in below figure.
Now you will get a screen like below and select the child systems in the pop up screen
Once you selected the system name and click save.You will get a screen like below if you are done everything correctly which means your CUA configuration is done successfully.
9.)Maintain parameter between central and child systems:
Once we are good with CUA configuration there are parameter setup needs to be done from central system like which all are maintained in central and child systems
Go to SCUM tcode ànd click to change mode for parameter maintenance
It will give you broad idea about what are the parameters should be maintained centrally and which can be maintained child system as well as globally.
Ex. Role addition should be done from central system and password reset and defaults can be maintained from both centrally and local