CUA configuration

Our CUA is not finding some SU01 user paramaters, because they do not exist in the CUA system. 
Roles can be uploaded from the child systems, but not Paramaters.   From the roles tab you can select roles, per system, and the CUA will find the roles from the child system.  Paramaters dont work this way, and there is not 'system' for each parameter.
We cannot create new users, from the CUA, with these missing parameters.
Any suggestions?      .....thanks

Scott,
Ben' suggestion will work best. Change it to Local of Proposal. I was also testing with Redist option. I can change the parameter in my ECC golden client, that parameter and value will be pushed to all other ECC and unfortunately BI, CRM and other systems too. Have some unexpected result when I add the parameter thru SU10. After all the experiments, Ben's suggestion was my final choice.
Remeber to set the switch in the PRGN_CUST Customizing table:
CUA_PARAMETER_CHECK switch, I set it to I (Ignore).
Right now I can insert the Parameter into the user master in my Central System even they do not exist in the Central system, and push them to the Child systems.
Have fun.
Lye

Similar Messages

  • GRC AC 10 CUA Configuration for Data Sources

    When using CUA as the search data source in GRC AC 10.0 the search is not working. If I change the data source to my ECC system it works fine. Also trying to use CUA as the first sequence in the Details sources, but it does not work either. Also noticed that the details sources only seems to recognize one sequence when multiple sequences are setup. Has anyone come across this as a problem?

    Hi all,
    I agree with Patrick, I received the answer from SAP, that once a user is found in a detail data source, GRC will take all data from this data source and not continue looking in the following details systems.
    Eg. USER1 is existing in CUA and HR, it will find the user in the CUA system, take email, phone no etc from CUA but will not continue looking for e.g. the missing personnel no data in HR.
    USER2 is existing in HR only but not in CUA - GRC will take the detail data from HR only.
    Did you try these scenarios?
    Regards
    Daniela

  • CUA configuration question

    Hi guys,
    I am in the process of "refreshing" our sandbox SRM 4.0 environment using R/3 as a backend. In order to allow for a realistic design where a SRM is added to an existing R/3 infrastructure, I decided to remove the previous (incorrectly installed) CUA schema (srm was central here), and to setup CUA again with R/3 backend acting as central system.
    Everything is quite clear, I just have some understanding problems with the issue of naming the RFC destinations exactly as the logical systems.
    In our environment, those rfc destinations already existed before using a login with SAP_ALL privileges for remote logon. The SAP documentation advises to use newly created users with limited privileges or to add the CUA roles/profiles to the existing users (SAP_BC_USR_CUA_***).
    This obviously doesn't make sense if the respective logon already has SAP_ALL.
    So to questions arise:
    1. What to do for this concrete issue (e.g. not creating any additional users or roles, just stick with superuser as RFC remote logon) ?
    2. What's the general preferred design for RFC destinations ? Does one create multiple RFC destinations to the same logical system, using different user depending on the distribution model ?
    Thx in advance
    Nick

    Hello Bapujee,
    You are certainly right. Infact i was rethinking on it after I posted my answer.Probably my way of explanation was not correct. It is definitely not a rule to have logical system name same as that of RFC though it is highly advisable and resolves any confusion. My answer to your second question will further clarify it.
    Regarding your second question where you have pointed out that you didnot understand my sentence the answer is simple. A large use of logical system is for data distribution between two SAP and ALE ditribution is an important mechanism in this. So let me explain this with the help of ALE model. Let us assume your host system is abc and also that we you have another SAP system XYZ. You can create any number of of RFC destinations XYZ,XYZ1,XYZ2 etc for system XYZ.
    Now suppose the logical system for XYZ is XYZ. Now when we create an ALE model for data distribution between our system ABC and XYZ then we need to use logical systems ABC and XYZ.  Lets also assume that the data is flowing from ABC to XYZ.
    Now when you try to do generate the partner profile  the model view SAP will look by default for RFC destination XYZ. If it finds it then it will generate the partner profiles successfully and also will allow you to distribute the ALE model view. If it doesnot find XYZ it won't allow you to generate the partner profiles and then you need to do it manually through WE20 and WE21 which is very tedious. You can try to do this by creating a dummy logical system in SALE and then a dummy ALE model view in BD64. It will really help you to understand the scenario. First just create a logical system TEST and don't create an RFC destination TEST for it. In second step create RFC destination TEST and then check for the results. In the third scenario create another RFC destination TEST1 which would be a copy of TEST and check again.
    Also one more and very important aspect of this is that every client of an SAP system should have a logical system assigned to it naturally. Now lets us take a scenario where system XYZ has  client 100 . Let us say we have a logical system XYZ100 assigned to client 100 of XYZ. Now you can again create any number of RFC destinations pointing to client 100 of XYZ but SAP by default will pick only that RFC destnation which is name as XYZ100 . If you don't have any such RFC destination created then you again need to do manual work as described above.
    However when no logical system is involved the issue become pretty simple. For example you have an ABAP program which fetches data through RFC calls from other systems.Suppose you are executing the program in ABC to fetch data from XYZ. here you can use any RFC destination XYZ, XYZ1 or XYZ2 since you will be feeding the same information while creating the RFC destinations. Here there is no need for a unique RFC destination.
    I hope this resolves your questions. Please let me know if you have any more questions on this topic. You are most welcome.
    Ands if you are satisfied with the answers please award points accordinly if possible for you to do so.
    Regards.
    Ruchit.

  • How to copy a role from one client to another in a system using the CUA?

    Dear all,
    I have a question about transporting roles. We have CUA configured on our SAP system. Our development environment contains several clients. Recently I created a role by using PFCG in the development environment named E1D-100. Later there was a need to affect a user by this role but on another client of the development environment named E1D-200.
    How can I transport a role from a client of the development environment to another client of the same environment.
    While I use SU01 to assign the role, after clicking on "user comparing", I can see that the new created role exists on E1D-100 (the client of the development environment where the role was created), but I see that the role doesn't exist on the other client E1D-200.
    How should I proceed?
    Thanks in advance,
    Dariyoosh

    Hello again,
    Thank you very much for all of your answers. I tried both solutions and both worked pretty well. Thanks a lot for your help.
    Kind Regards,
    Dariyoosh

  • CUA and role assignment

    Hi forum,
    I have a CUA configured where I want the profile and the role assignment to be distributed global from the central system. I can create new roles with PFCG assign, users there, but I don’t see these new roles in the user details in SU01.
    What am I doing wrong?
    Thank you!

    Hi Chris,
    Seems pretty simple to me. Since it is a new role you need to do a text comparision.
    In the central system of CUA execute the report SUSR_ZBV_GET_RECEIVER_PROFILES in SE38 transaction.
    In receiving systems give all the systems that are part of CUA including the central system (in this particular case only central system can be input since the new role is present in central system) Now execute it and then do the role assignment wither through SU01 or PFCG once again. Check once more.
    After every new role creation this report needs to be executed. This is what is known as Text comparison of roles which can also be done in SU01. Check for the pushbutton for text comparision under tabsrtip Roles within SU01.
    Regards.
    Ruchit.

  • CUP: user creation in CUA child client but incorrect CUP password feed back

    Hi all,
    This looks like the same unresolved post from Vincent Doux on this forum as well.
    Re: AC CUP: user creation in child client when already exist in CUA
    When we create a request for a new account to create a user in a CUA child client, - and the user already exists in the CUA master - we find that the password fed back by CUP via its email that has the password link in it, is not the one as it was created by CUA in the respective child client.
    Ergo, the user can not log on with the password provided by CUP.
    CUP's provisioning message is OK, the user is properly created in the child client but the the password given by email from CUP doesn't allow to connect user on to the child client.
    As a contra-test: When creating the user directly from  CUA manually the password is however working corrrectly on the child client.
    Does someone know how to have the correct password (CUA) in the CUP email notification or how to solve this?
    Both Java and CUA master and Child Client are on 5.3 SP 6. I checked OSS note 1168508
    Regards
    George

    Hi George,
    Have you got the CUA configuration settings maintained correctly?
    CUP may not be referencing the correct destination and therefore maynot be interfacing correctly to provide the correct password.
    Simon

  • Standby CUA

    Hi All,
    We have CUA configured for our whole landscape within our Solution Manager Server through which we are currently managing the user masters.
    However, if there is any crash on this server, we will end up waiting till this server is up and running. So, we need to have a standby solution for our CUA so that if the live CUA is unavailable, we should be able to use the Standby CUA to manage user masters.
    Please help.
    Thanks
    Vijay

    Hi Vijay,
    Unfortunately, there's no standby solution available.  However, we can probably have a work around for your problem. 
    - Can you verify if running transaction SCUG acceptable?  (If you noticed, the SU01 transaction screen will show-up extra buttons if the users are not synchronized between the CUA master and it's child system.  Using this idea, you can partially break CUA connection so the extra button will show-up and reconnect it once the server is available.)
    - It seemed that you're willing to have another CUA system available.  Going with this, you can probably do a system copy (if this is acceptable), but do not change the SID name or logical name of the clients.  Just re-point your SM59 RFC connections to this one while the server is down.
    (This are just some of the ideas but we can probably give more if you have some specifics like do you have a standalone JAVA system, how many child systems / users are we talking about, etc.) ...
    Thanks,
    Allaine

  • Deactivating CUA

    We have a DEV environment with two SRM client and one BW client, with users managed by a CUA client.
    Now we changed our definitions and decided to no longer use CUA.
    What should I do to deactivate CUA configuration ?
    I want that all systems work as independent systems and not as a child from CUA that would be eliminated.

    Hi Roberto,
    In order to deactivate CUA please go to transactions SCUA. here you will find the model view for CUA. Now in menu go to DISTRIBUTION MODEL and then choose DELETE.
    Select the radio button COMPLETE CUA. Now press the execute button. Since you are doing it for the first time to have a better idea first run it in test mode. Then you can uncheck the test mode option and go for actual deletion. This would completely delete CUA from your SAP.
    Please award points if you found the answer useful.
    With Regards.
    Ruchit

  • Profiles in CUA.

    Hi Everyone,
    We have CUA configured and theres the user CUA_ADMIN, due to some policies we have to remove SAP_ALL & SAP_NEW from the user CUA_ADMIN. I am not sure if i remove these profiles from the user CUA_ADMIN then will it be able to perform all the tasks as it used to do before.
    Moreover if i remove the profiles, then will i be creating some role and will be assigning to the user CUA_ADMIN. If the role needs to be created then please suggest me what all i need to add in that role.
    Waiting for the response!! Please help.
    Regards,
    Avneesh

    Note that the document mentioned above (from 2005) is not valid for current releases, for example the standard roles delivered might have changes since then.
    If you want to copy the standard roles into your own name space and tweak them (as recommended) then you might want to take a look at [this wiki on securing RFC|http://wiki.sdn.sap.com/wiki/display/Security/BestPractice-HowtoanalyzeandsecureRFC+connections] which I started because there were several questions on how to go about this.
    Also take note on the procedures for using (relatively new) object S_ICF for CUA (client side RFC server security) as even if you restrict the access of the RFC user, it will still need authorizations for user management because that is what it does. This is a very usefull and more secure new technique which is aimed exactly at scenarios such as CUA - where the user ID does need critical access and you want to increase 80% of the security with 20% effort.
    Cheers,
    Julius
    Edited by: Julius Bussche on Sep 16, 2009 10:32 AM

  • Where CUA exists?

    Hello Folks,
    Let us say we got R3 systems configured with ITS administration.
    Now, if i have CUA configured on these R3 systems,then does it mean
    1.CUA resides with in (One of the )R3 system?
    2.Or else, with in Workplace Server (WP)system?
    Also, does WP needs its own database to store the meta data?
    Thank you for your time.
    Ram

    Hi Rama,
    1) The CUA resides in one of the main R3
    2) the WP does not need a seperate database to store the meta data.
    award points to the useful solution.
    thanks
    Vijay Sriram

  • Error on creating user CUP to SAP backend

    Hello experts,
    I am implementing CUP 5.3 for one client but on the initial configuration of the workflow for new account, but when the request it's on the final stage the system it is not provisioning the users on SAP back end, and send the next error u201CError al crear usuario: <Sistema> - No se ha accedido al sistema centralu201D as you can see the system itu2019s configured in Spanish, so I can translate it like this: u201CError on creating user: <System> - Central system it is not been accessedu201D. Going to the logs it show the next Error:
    2011-02-14 18:19:54,296 [SAPEngine_Application_Thread[impl:3]_20] ERROR com.virsa.ae.service.ServiceException: No se ha accedido al sistema central
    com.virsa.ae.service.ServiceException: No se ha accedido al sistema central
         at com.virsa.ae.service.sap.SAPProvisionDAO.createUser(SAPProvisionDAO.java:317)
         at com.virsa.ae.service.sap.ProvisionSAPUserDAO.createUserInNonCUA(ProvisionSAPUserDAO.java:1736)
         at com.virsa.ae.service.sap.ProvisionSAPUserDAO.createUser(ProvisionSAPUserDAO.java:334)
         at com.virsa.ae.service.sap.ProvisionSAPUserDAO.provisionUser(ProvisionSAPUserDAO.java:109)
         at com.virsa.ae.accessrequests.bo.ManualProvisioningBO.createUserAndSendEmail(ManualProvisioningBO.java:426)
         at com.virsa.ae.accessrequests.actions.UserProvisioningAction.continueHandler(UserProvisioningAction.java:280)
         at com.virsa.ae.accessrequests.actions.UserProvisioningAction.execute(UserProvisioningAction.java:83)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Any one please help me to know the solution for this?

    Thanks Sunny for your response,
    Yes, the connectors are working fine, even if I assign a role to an existing user the role provisioning is done right in the back end, the problem comes when I try to create a new user because the system shows me the Error. I try adding the action USER_DEFAULTS to the request but nothing. Also the CUA configuration is set on u201Cselectu201D. I donu2019t know what is missing.
    Thank you for your help.
    Luis Fernando

  • Homogeneous system copy using database specific tools

    My enviroment is ECC6/Oracle 10.2.0.2/Solaris 10
    I'm attempting my first system copy (central instance ABAP) using database specific tools from my PRD to my QAS system
    in the source system I ran sapinst and proceed as follows
    Execution of Service SAP ERP 6.0 SR3 > Software Life-cycle options > system copy > oracle >  source system export >
    central system > based on AS ABAP ? Database Instance Export
    The export creates two folders and an file  ie ABAP, JAVA & LABELIDX.
    The folder ABAP is empty while JAVA has three files.see details below.  I have a feeling something is not right  ?
    Kindly advice before I proceed with database offline backup and importation in the target system
    */oracle/INSTDIR/MIGRATION-CD/SYSCOPY*
    *root@PRD#*
    *root@PRD#*
    *root@PRD#ls -l*
    *total 6*
    *drwxrwxr-x   2 root     sapinst      512 Jul 12 13:19 ABAP*
    *drwxrwxr-x   2 root     sapinst      512 Jul 12 13:19 JAVA*
    *-rw-rw-r--   1 root     sapinst       10 Jul 12 13:19 LABELIDX.ASC*
    *root@PRD#*
    *root@PRD#cd ABAP*
    *root@PRD#ls -l*
    *total 0*
    *root@PRD#*
    *root@PRD#cd ../JAVA*
    *root@PRD#pwd*
    */oracle/INSTDIR/MIGRATION-CD/SYSCOPY/JAVA*
    *root@PRD#ls -l*
    *total 6*
    *-rw-rw-r--   1 root     sapinst       19 Jul 12 13:19 LABEL.ASC*
    -rw-r-----   1 root     sapinst       14 Jul 12 13:19 LABELIDX.ASC
    -rw-r-----   1 root     sapinst      168 Jul 12 13:19 SOURCE.PROPERTIES
    root@PRD#
    root@PRD#     
    According to the system copy documents I've gone through I expect to see the following
    in the  export directory
    => structure with label files and source system information
    => database structure files (*.STR) for ABAP database objects
    => database statistics
    => Size calculation for the target database (*.EXT, DBSIZE.XML)
    => Archiving of the SDM
    => Archiving of  application specific file system content
    I get a dialog box message that the export has completed successfullu but only two phases were done ie
    => NW_export
    => Prepare To export Java

    Thanks Mark
    I'll proceed with the import & inform you about the outcome
    My QAS system is the transport domain controller i.e. it hosts the transport directory /usr/sap/trans
    What happens to pending transports after system copy ? Is there a way I can retain them or do I have to advice my users to complete pending requests so that I can import all of them before proceeding .
    what happens to the CUA configurations in my 3 tier system landscape after I overwrite QAS ? I will make a note of all the RFC's & thier configuration details just incase I need to recreate them
    Regards

  • Need log of the users who changed the partner profiles.

    Hi,
    Some user has been changed partner profiles of the CUA configuration Setup.
    It is displaying only Agent Name. They delete the Inbound and outbound parameters of the partner profiles created by CUA. So, I need to trace out the user who changed these parameters.
    It will be appreciate if anybody can help in this issue.
    Thanks,
    Shiva.

    I resolved this issue by deleting the partner profiles created by CUA in all child clients. And delete the Distribution model in all child clients and re-distribute the distribution model from Master client.
    Now its working fine.
    But I am not able to trace out the user who changed partner profiles. I checked in ST03N but i didnt get the information abt the we20. ( I am using ECC 6.0 version).
    And in WE20 it is not showing any User ID who changed the partner profiles. I checked in following tables but I didnt find any changed details of partner profiles.
    EDIPHO
    EDMSG
    EDP12
    EDP13
    EDP21
    EDPP1
    T002T
    T005T
    Regards,
    shiva.

  • SM58 Transaction   Error

    Hi Everybody,
    All day we are having the problem in the SM58 transaction in PRD environment.
    The message thar appear is :
    Caller       Function Module               Target System Date       Time     Status Text                                          Transaction ID           Host     Tctn Program                                                                               
    CUA_ECP_400  SUSR_USER_RESPONSE            SMDCLI200     14.06.2010 14:47:12 wrong Name or password               0A090A1904F04C166B1F0BD6 ecc01         SAPMSSY1
    Caller       Function Module               Target System Date       Time     Status Text                                          Transaction ID           Host     Tctn Program                                                                               
    CUA_ECP_400  SUSR_USER_RESPONSE            SMDCLI200     14.06.2010 14:47:38 User is locked   0A090A1904F04C166B390BE1 ecc01         SAPMSSY1
    We have a CUA configured in the Solution Manager, i already checked that the user
    CUA_ECP_400 is not locked   in PRD and Solution Manager.
    How can we solve this issue?
    What log can i check?
    Best Regards,
    Fábio Karnik Tchobnian

    Dear
    Double click on the connection SMDCLI200 in SM58 and check the connection test & authorization test.
    The caller entry in SM58 does not equal the user that is used in the actual connection. So most likely you are looking at the wrong user as you mention the user is not locked, the log clearly states the user/pass is incorrect and that after X attempts the user gets locked.
    When the authorization test fails, you will have to check the correctness of the password in the RFC definition and if the user is locked on the target system.
    Kind regards
    Tom

  • Download/Upload roles in PFCG

    Hi,
    We have a system where in 300 client, CUA is configured. I'm trying to import some roles from another client 800 to 300. In SCUA(300), 800 is not the child system. We require some roles exactly in 300 from 800. I downloaded a role from 800 and uploaded in 300 and generated the profile. But when I'm trying to assign an user to it prompts to save the role first. When clicked save it's prompts this role doen't exist. I tried to assign the role in SU01 too, it shows the same error. Is it not possible to downlaod and upload any role from another client to a client where CUA is configured?
    Kindly suggest.
    Regards,
    Avinash

    Hi Avinesh
    Kindly check the field distributor parameters on your role in client 800?(before downloading) refer the SCN link point number 7
    CUA Configuration steps
    BR
    SS

Maybe you are looking for

  • Why won't my Mac connect to the Internet?

    On occasion we have to reset our modem, but today my Mac won't connect while my iPad is working fine with the Internet.

  • Stream From AppleTV to iTunes?

    I can see my AppleTV from iTunes, but all music is grayed-out. Does anyone know if there is a way to play the music content inside an AppleTV from iTunes similar to playing the music in an iPod that is connected to the computer? Thanks!

  • Archive Page in the Navigation Menu

    The selection for including the Archive Page in the Navigation Menu is greyed out. Is there a reason for this and/or any way to get it there other than creating a text box & link.

  • OO ABAP and BSP coding standards

    Hi, Can anyone send me the documnet for OO ABAP and BSP coding standards. Points will be rewarded. Regards Sandeep Reddy

  • Not able to install Siebel Determination Server

    Hi, I have installed Oracle policy modelling (10.4.1) successfully, able to make rules. Now I have installed Siebel connector, done all the changes at Siebel side. How ever I am facing challenges in deploying Siebel Determinations Server, request you