Central User Administration (CUA): Remote Change of User

Dear experts,
I have following CUA scenario within my company:
We have a CUA which provides a couple of R/3 daughter systems/clients. Further we have a HR system stand-alone-system which is also integrated in our CUA.
I tried to create a ABAP on the HR system which is changing the user masta data (especially the roles of a user) on the CUA system via RFC BAPI´s on a regular basis. Unfortunately it´s doesn´t works, because I don´t know the correct BAPI´s to change die CUA data. BAPI_USER_ACTGROUPS_ASSIGN changes only the locale R/3 user roles...
In my opinion the CUA specific user roles are in table USLA04 - which will be doesn´t changed.
Maybe somebody had the same requirements in the past and can help me? Thank you in advance!
My coding so far:
REPORT  zzh_t_role_change_zbv.
PARAMETER: i_pernr TYPE pernr-pernr DEFAULT '90000007',
           i_usrid TYPE sy-uname DEFAULT 'SCHEFFLM',
           i_date  TYPE sy-datum DEFAULT sy-datum.
DATA: lt_bapi_return    TYPE STANDARD TABLE OF bapiret2,
      lt_profiles       TYPE STANDARD TABLE OF bapiprof,
      lt_activitygroups TYPE STANDARD TABLE OF bapiagr.
DATA: ls_bapi_return    TYPE bapiret2,
      ls_profiles       TYPE bapiprof,
      ls_activitygroups TYPE bapiagr.
DATA: lv_zbv_sysid     TYPE sy-sysid,
      lv_zbv_clnt      TYPE sy-mandt,
      lv_zbv_logsys    TYPE uszbvlndsc-sendsystem,
      lv_zbv_rfc_dest  TYPE rfcdes-rfcdest,
      lv_usrid_zbv_get(10).
lv_usrid_zbv_get = i_usrid.
*--- Zentrale Benutzerverwaltung: Zentralsystem des Users ermitteln ---*
CALL FUNCTION 'SUSR_ZBV_CENTRALSYSTEM_GET'
  EXPORTING
    delivery_model           = lv_usrid_zbv_get
  IMPORTING
    central_system_sysid     = lv_zbv_sysid
    central_system_clnt      = lv_zbv_clnt
    central_system_logsys    = lv_zbv_logsys
    central_system_rfc_dest  = lv_zbv_rfc_dest
  EXCEPTIONS
    duplicate_central_system = 1
    new_system               = 2
    OTHERS                   = 3.
*** Errorhandling
IF sy-subrc NE 0.
ENDIF.
*--- Existenz des Benutzers prüfen ---*
CLEAR: ls_bapi_return.
CALL FUNCTION 'BAPI_USER_EXISTENCE_CHECK' DESTINATION lv_zbv_logsys
  EXPORTING
    username = i_usrid
  IMPORTING
    return   = ls_bapi_return.
*** Errorhandling
IF ls_bapi_return-id EQ '088'. "Benutzer existiert nicht
*** close RFC connection
  CALL FUNCTION 'RFC_CONNECTION_CLOSE'
    EXPORTING
      destination = lv_zbv_logsys.
  EXIT.
ENDIF.
*--- Rollenzuordnungem zum Benutzer lesen ---*
CLEAR: lt_bapi_return.
***************SUSR_ZBV_ROLES_RESOLVE
CALL FUNCTION 'BAPI_USER_GET_DETAIL' DESTINATION lv_zbv_logsys
  EXPORTING
    username            = i_usrid
* IMPORTING
*   ADDRESS              =
*   LASTMODIFIED         =
*   ISLOCKED             =
  TABLES
   profiles             = lt_profiles
   activitygroups       = lt_activitygroups
   return               = lt_bapi_return.
*** Errorhandling
LOOP AT lt_bapi_return INTO ls_bapi_return.
ENDLOOP.
IF ( ls_bapi_return-type EQ 'A' ) OR
   ( ls_bapi_return-type EQ 'E' ).
*** close RFC connection
  CALL FUNCTION 'RFC_CONNECTION_CLOSE'
    EXPORTING
      destination = lv_zbv_logsys.
  EXIT.
ENDIF.
*** Gültigkeitszeitraum von Rollenzuordnung setzen
CLEAR: ls_activitygroups.
LOOP AT lt_activitygroups INTO ls_activitygroups.
  ls_activitygroups-to_dat = i_date.
  MODIFY lt_activitygroups FROM ls_activitygroups.
  CLEAR: ls_activitygroups.
ENDLOOP.
*--- gesamte Aktivitätsgruppenzuordnung ändern (zeitlich abgrenzen) ---*
CLEAR: lt_bapi_return.
*SUSR_USER_LOCAGR_ACTGROUPS_ADD
*SUSR_USER_CHANG
*CALL FUNCTION 'BAPI_USER_ACTGROUPS_ASSIGN' DESTINATION lv_zbv_logsys
*  EXPORTING
*    username       = i_usrid
*  TABLES
*    activitygroups = lt_activitygroups
*    return         = lt_bapi_return.
*--->SUSR_USER_LOCAGR_ACTGROUPS_PUT
*--->SUSR_USER_PROFS_BUFFER_SAVECHK
*--->SUSR_ZBV_USER_SYSTEM_SAVE
*--->SUSR_USER_BUFFERS_TO_DB 
*--->SUSR_USER_GROUP_BUFFERS_TO_DB ????
*--->SUSR_USER_PROFS_BUFFER_TO_DB ????
*--->SUSR_USER_LOCPRO_BUFFER_TO_DB ????
*--->SUSR_UM_USR_AGR_BUFFERS_TO_DB ????
*--->SUSR_UM_USR_SYS_BUFFERS_TO_DB ????
*--->SUSR_USER_AGR_BUFFER_TO_DB ????
*--->SUSR_USER_LOCAGR_BUFFER_TO_DB ????
*Anmerkung: Profile werden nicht berücksichtigt, da diese eigentlich nicht
*mehr in Verwendung sein sollten (nur noch Rollen)
*--- Rückverteilung der geänderten Userdaten an Tochtersysteme ---*
*SUSR_ZBV_USER_SINGLE_SEND
*SUSR_ZBV_USER_SEND_BACK
*SUSR_USER_DISTRIBUTE
*** close RFC connection
CALL FUNCTION 'RFC_CONNECTION_CLOSE'
  EXPORTING
    destination = lv_zbv_logsys.

Try BAPI_USER_LOCACTGROUPS_ASSIGN

Similar Messages

  • Central User Administration Idoc's for a XI system

    Hello,
    We are setting up a Central User Administration (CUA) in Solution Manager. One of the systems that needs to be a child of this CUA is a SAP XI 2.0 system.
    The distribution of the Users is done by IDocs.
    Everything is working fine from the CUA to a SAP R/3 system.
    But when we make the XI 2.0 a child all the IDoc's are caught by the XI IDoc adapter in stead of going directly to the IDoc inbound handler of the XI system.
    Has anyone been able to send an IDoc to an XI 2.0 and bypassing the IDoc adapter and sending them directly to the XI IDoc Inbound handler?
    Any kind of info will be greatly appriciated.
    With kind regards,
    Leon Boeijen

    Hi Leon,
    to bypass the IDoc Adapter for specific IDocs you can specify these IDocs using the report IDX_SELECT_IDOCTYPE_WITHOUT_IS.
    Kind regards,
    Andreas

  • Central User Administration

    Hello,
    i want to realize a central user administration between two different SAP Systems.
    In an testing environment i realized it between two logical systems with different mandants in one SAP system.
    Now it should work between two hosts. For example SAP1 192.168.150.1 and SAP2 192.168.150.2. What are the differences i have to consider?

    Lets take two systems with SIDs: “SA1” and “SA2”.
    1. Cerate logical system name SA1MNDT100 on SA1 identifying mandant 100 on SA1
    2. Assign it to mandant 100 in system SA1
    3. Then on SA2 you have to tell that there is system named SA1MNDT100 ready for communication, so you must create logical system name SA1MNDT100 in SA2 but you don’t assign it to any mandant (because from SA2 point of view it is a remote system)
    4. Then on SA2 create the RFC Destination with exactly the same name as your logical system defined in step 1 SA1MNDT100 pointing to hostname or ip of SA1/mandant 100 (this links remote logical system name with remote SAP system SA1)
    5. Then on SA2 create different system name SA2MNDT500 indentifying mandant 500 on SA2
    6. Assign it to mandant 500 in system SA2
    7. Then on SA1 you have to tell that there is system named SA2MNDT500 ready for communication, so you must create logical system name SA2MNDT500 in SA1 but you don’t assign it to any mandant (because from SA1 point of view it is a remote system)
    8. On SA1 cereate the RFC Destination named SA2MNDT500 pointing to SA2/manadt 500.
    Hope this clarifies your doubt.
    -- Grzegorz

  • Central User Administrator in SAP 4.7

    Which the steps for configuration of the CUA (Central User Administrator) in version SAP R3 4.7... Nobody know....

    Try this:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/08/ed591f9ff00343952f11a7b707f28a/frameset.htm
    Hope it helps.

  • Central User Administration using EP

    Hi,
    Can any body tell me how we can do central user Administration using EP. My landscape has multiple SAP systems, BW system and EP system. How should we go about it?
    Any help?
    regards,
    Sujesh

    HI Sujesh,
    EP is not able to serve as a hub for central user administration in my opinion.
    You can connect EP to several user stores like LDAP servers (including Microsoft ActiveDirectory) and SAP Systems.
    So
    a) you store all your users in an LDAP and connect all your SAP systems to that LDAP
    b) you declare one of your SAP systems as central user administration (CUA) "master", connect all other as "slaves" and connect the EP UME to the master
    But in any way - there is no GUI inside the EP where you can administer all user related things like roles from all systems, etc. This can only be done in an ABAP system.
    Hth,
    Michael

  • Central System Administration in Workcenter - Remote Logon Issue

    Hi,
    We have a problem in our Solution Manager and we would like to know if is possible to fix it.
    We have configured Central System Administration correctly for our satellite systems. We have configured some tasks and we are able to do remote logon to run some transactions in the stallete systems.
    The problem comes in the Workcenter via web. In the workcenter we access to the Central System Administration and when we try to do remote logon to the satellite system nothing happens.
    Anyone knows if it is possible to do remote logon to the satellite systems using workcenters?
    Thanks,
    Roberto

    From the transaction SOLMAN_WORKCENTER, navigate to the System Administration tab.
    From the menu on the left select the task "Administration Tools".
    Select your system from the table on the right
    At the bottom of the screen you will see "Details for system <SID>"
    Select the client and the RFC from the drop down menu. 
    You should see a list of Tools for Application Server with corresponding TCODES.  If your selected RFC is functioning properly and the user ID specified in the RFC has the correct authorizations you should be able to log on remotely by clicking on the link provided.

  • Central User Management Implementation

    H
    In one of our customer landscape, there are 10 prod instances and Virsa is checking the conflicts against each system.
    Now the customer would like to adopt to Central User Management (where users and roles are maintained centrally from one instance).
    We would like know if single/composite roles can be administered centrally and what changes are needed for Virsa to check conflicts from CUA central system?
    Regards
    Madhu

    You're right, CUA would be perfect for you. I'm afraid you don't understand what CUA does. In your situation you'd have a CUA master client and 14 child clients. When you connect a child client to the master you run SCUG on the CUA (master) to synchronize the user and role INFORMATION (not the actual users and roles) So the users and roles do not exist on the parent CUA system.
    And the roles do not have to be consolidated because they STILL exist only in the CHILD systems.
    Now do you see why you cannot connect Virsa to the CUA system? There's NOTHING on the CUA system for Virsa to analyze

  • "System is not a child system in central user maintenance network" problem

    Hi ppl,
    I have added one new role for a user id. After that, I log on using that user id. However the message "System is not a child system in central user maintenance network" appeared. What has happened and how to solve the problem? Thank you.

    This error message occurs when a user tries to logon to the CUA master system <u>and</u> when his account is <u>not</u> assigned to this logical system (see SU01: tab "systems", displayed only in the CUA master system).
    You need to define the CUA master system also as CUA client system and assign that system to the user master record; otherwise the user cannot logon to the CUA master system.
    Regards, Wolfgang

  • Regd : How to find Validity date for a user in central user system

    Hi Experts;
    I want to get the list of users with profile SAP_ALL  with following details like validity ,user type ,user name ,user id..
    I can get through SUIM for each individual systems.Its very difficult to login to each system ,generate the report.So I prefered to go for Central system
    But if I use central user system I have no option to find validity and user type for the system ( SUIM - > Cross system application )
    I have also tried to the table USRO2 ( which gives only the list of users in the central system )
    So is there any possible ways to find the Users with profile SAP _ALL with validity date in the central user system. So that I can easily generate it as one report instead of logging to each and every system
    Regards
    Sanjeev.S

    Hi Ruchit
    Thanks for your reply. I want to find the validity date of all users having SAP_ALL
    profile of all child system connected through central user system .So it is possible
    to do that in Centrals System by executing the report?
    If I execute that report in Central user system will it give the details of all child
    system connected to central system
    I think it will give only the result of Central system and not the child system connected to Central system.Please clarify me.
    I can execute the report by logging to each child system ,but it takes very long hours for me since there are many system in my landscape.
    Awaiting for your reply.'
    Thanks
    Sanjeev.S

  • Unable to switch Central System Administration into Change Mode

    Hi,
    I am bit rusty on the Solution Manager - Central System Administration.
    While experimenting with my Solman system I did the following.
    1. Logged into Solman and started transaction Solution_Manager
    2. Switched to the Solution that has been configured and then followed Operations Setup->Solution Monitoring -> System Administration -> Central System Administration for <My System> (here my system is the system I wish to monitor).
    3. After following the navigation to the selected item as described in step 2, I selected the menu items Session Components->Complete.
    4. After this action of selecting the Complete session from the menu, my Central System Administration for <My System> is continuously showing Display Mode.
    I am unable to switch back the system to Change Mode.
    Am I missing something ? What needs to be done ?
    Regards,
    Siddhesh

    Siddhesh Ghag wrote:>
    >
    > 3. After following the navigation to the selected item as described in step 2, I selected the menu items Session Components->Complete.
    >
    > Regards,
    > Siddhesh
    This was the wrong step. By setting the Session Component to "Complete", no further changes are allowed (and you receive a pop-up).
    The procedure to reopen the session component is not documented for customers. Please create a customer message on SV-SMG-MON-CSA, open the service connection and provide logon information.
    You might state my name in the message, I will then assist the message processor.
    Best regards,
    Ruediger Stoecker

  • Missing User Holder Icon only Central User Icon Exist

    Classic Scenario; SRM 5.0
    Hi everyone,
    I had one another question - more of a clarification -  I created a user in SU01.  And then in order for me to assign this to the org structure I use the transaction USERS_GEN --> Copy User and Employee Data from a Template.  This works great.  Once this ID is assigned to the org structure - I don't see a User icon -
    US VACTEST2 for example.  I only see the central user (Vactest2).  I have to right click on the Position (s_50015559) and assign the Holder "User" to create a user.  
    Do you know if this is a standard way to have the Holder User created?  Or is there another way when you create a user that the User Holder is created?
    Thank you for your help,
    Jay

    Hello Jay,
    We have the same problem as you had once.
    How did you solve it?
    Central user and position of a user exist in the org.Structure but the USER icon does not appear.
    How can we agregate it?
    Thank you,
    Aart

  • My Macbook was hacked by somebody right after activating downloaded VLC player. I couldn't control my machine. Every thing was messed up! Finally after reboot I realized that even my administration password was changed. Stupid hint I was able to reed: Wha

    My Macbook was hacked by somebody right after activating downloaded VLC player.
    I couldn’t control my machine. Every thing was messed up! Finally after reboot I realized that even my administration password was changed. Stupid hint I was able to reed: What located in box above low case ? I used my friends computer and founded hot to fix my problem using Unix commands to reboot in a single user mode. I founded a lot of different solutions which had prity the same beginnings but very complicated continuation, which, I understood will force me to cach during restoration anuther crap – time bomb in my mac! Finaly I did restor. somehow. But still feel somebodyies presents. Safary messed up – I will send you a log Itunes – messed up. Speaker in a top menu – grayed, and I can’t control my volume. But the most triky thing – bouth my Apple keybords – internal and mostly bluetouth external also working and typing wired! I am sorry for my spelling, because I cant check spell for Mac’s Word (in Microsoft it was F7) I have also several attacks from my neighbors by community I know their names, because they are somethere very close to me – I can see them throuth FI-FI connection. They often kick-me out from my place and started to use my resaurces. And also Mackeeper make me a hard time!
    In Microsoft times u just reinstalled computer – clean installetion from corporate licensed disk. But now I am a beginner in MAC – I love it! But a lot of new and triky – at this way
    Fore example – my goal – to do fool Macbook backup at external USB drive using boot srartup option and make my life yaser in case of crash. But now, I don’t know if I can trust recommended program  Carbon copy cloner – Ms. Bombich?
    I am very sorry for my spelling, because I feel somebodies presents, who playin with me.
    Final question Do I need some antivirus Mac compatable which is update paches, service packs? How to map defolt documents folder not to a local, but to external USB?
    Esquse me for a lot of questions, but I am beginner in MAC, and I LOVE it!
    PS. Good news. Looks like Safari came back! Somebody, probably allredy helping!
    But my interface qute different from original – so something still wrong!

    Didn't really read much at all of your post. Much, much too long, irrelevant details and & no paragraphs.
    Can't use time machine due to corruptness
    Post over here -> Mac OS X v10.6 - Snow Leopard forum
    About my macbook and apple ID how can I upgrade my Macbook from 10.6.3 to 10.6.8 with out all the permissions being changed and corrupt??
    Same as above. Post in the correct forum.
    Need to gain access to my apple Id that would be a great start
    -> http://support.apple.com/kb/HT5625

  • No administration authorization in Change and Transport System in CHARM

    Hi guys,
    I am currently working for CHARM implementation for ECC 6.0
    now my problem i created an urgent correction  and i released the transport request successfully, but when i try to execute the Pass correction test action it is saying that No import into test system has taken place yet. then i went to task plan and checked there in quality system it is saying No administration authorization in Change and Transport System.
    So i asked my basis team to assign the S_TMW_IMPORT profile to user TSADM in 000 client of quality system and additinally our basis team has assigned S_CTS_ADMI. authorization object to TSADM user ID in 000 client of quality system. But SAP has suggested to assign S_CTS_IMPALL and S_CTS_IMPSGL authorization profile to S_CTS_ADMI.
    But the problem is S_CTS_IMPALL  and S_CTS_IMPSGL authorization profile is not available in 000 client of quality system.
    Kindly give your valuable inputs as early as possible. the solution provided by anybody will be rewarded with points.
    Thanks&Regards
    Raju

    can you try assigning the below profiles to that ID.
    S_TMW_OPERA     
    Operator in CTS (All Transport Authorizations)
    S_CTS_ALL     
    Transport system: All authorizations
    S_CTS_DEVELO     
    WBO: Profile for developers in P systems (incl. tasks)
    I too have checked and i did not come across the profiles nor objects S_CTS_IMPALL and S_CTS_IMPSGL .
    Where did u get the message that they have to be imported ?
    Hope it helps.
    Award points for the replies that are helpful to you.
    Rgds,
    Sri

  • Auto email Transmission for Central system administration

    Hi Experts,
    I want to setup an auto email transmission for "Central system administration" report in solution manager.
    If anyone aware of the process, please guide.
    Thanks,
    Basis Consultant

    Hello,
    To setup CSA you will need to perform three important pre-requisites if you already have not done so.
    > Create a Solution Landscape
    > Setup the RFC connections between Solution Manager and the Satellite systems in your Solution Landscape
    > Assign the Solution Monitoring Roles to the users.
    In terms of the Automatic Email Notification it is currently not available as a standard functionality. 
    Thanks,
    Mark

  • Central system administration (CSA) in solution monitoring

    Hello,
    I want to configure my solution manager for central system administration (CSA) which is a service provided under solution monitoring of transaction dswp.
    I couldnt find any documents for this configuration.
    Could you please help me out..
    Regards,
    Gurudath Pai

    Hi Gurudath,
    If you have an s-user id, step-by-step tutor files with screenshots are available at
    https://service.sap.com/rkt-solman > Solution Manager > Solution Manager 7 > Technology Consultant & System Administrator > System Monitoring, Administration
    Before configuring CSA, you have to:
    1. Perform basic settings for Solman (use wizard based approach)
    2. Setup the system landscape
    3. Create solution
    4. Now you can configure CSA
    Revert if you need clarifications
    Prasad

Maybe you are looking for

  • PO change log report

    Dear experts , Do we have any standard report that would give the details of PO change log . I do not want to open the PO document & check for its change log , but want a report with multiple pos as input & corrsponding changes as o/p . Regards Anis

  • Using SRW api : strange error message

    Hi all, i am using the srw api to generate reports out of the database. here is the procedure i have written: CREATE OR REPLACE PROCEDURE Create_Reports AS v_paralist PORTAL.SRW_PARAMLIST; v_ident     PORTAL.SRW.JOB_IDENT; BEGIN v_paralist := PORTAL.

  • Create Server-side WebService un an ADF Fusion-Web application

    Hello, I have a Fusion Web application with a model having several entities / VOs. I saw in the Application Module options that I can expose some of the methods as a Web Service. Since I may need to use this model in a remote way (from another applic

  • Bonus Digital Copy

    Today I was downloading the The Dark Knight digital copy. It download all the way to the end but never finished. I deleted it and tried to redownload it. Same thing happened. So I closed itunes and restarted the program. Now that I'm on the program i

  • How do i get pages to automatically make i a capital??

    i'm new to using a mac, and i cant seem to get pages to make an 'i' a capital when on its own, and also when i start a new sentance is it possible to get pages to make the first letter a capital on its own?? if you can help me, please do!!!!!