CUA history for child systems

Hi all
I have seen quite a few forum entries about change history and tables to see the mapping of roles to users, such as:
Table AGR_USERS (actual assignments)
Table USLA04 (actual assignments in a CUA central system)
SUIM report RSSCD100_PFCG for viewing change documents of roles.
- but does anyone know of any reports / tables that show the change history of a user/what roles they have had assigned, for a child system in a CUA setup?
SUIM and RSSCD100_PFCG only show the local client... we have lost our child system's user <-> role mappings after a refresh and we want to see the history of what roles were assigned to what user, but running these reports in the CUA system only shows local users, and running it in the child is no good as it's just been refreshed and is a copy of the CUA system now anyway!
Any help much appreciated... we have users in the child system shouting as they don't have the correct authorisations...
Thanks
Ross

Seems nobody knows.... Closing....

Similar Messages

  • RFC for User Lock and Unlock for child systems in CUA

    Dear All,
    Can anyone tell me, how to lock or unlock a user in child systems from CUA using a BAPI or RFC.
    As per the requirement I can not use TCode SU01 for this purpose. I can only use RFC/BAPI for the same.
    Thanks
    Om
    Edited by: Om Somesh on Apr 13, 2009 3:57 PM

    Hi OM,
    One way could be to use RFC_READ_TABLE in order to look at USR02.
    The second method is by using SCUM transaction code
    Regards
    Krishna

  • CUA- Login to Child System

    Hi,
    I have configured CUA in System ABC as Central System
    System XYZ is the child system
    The user TEST exists in both the Child and Central System. Hence I have done a transfer of User TEST from child to Central System
    Please let me know the following
    1. After the transfer, the user is also present in the Child System. Please let me know whether this is usual
    2. As per my understanding, I should use the same Password in the CUA System to log in to all child systems. Please confirm

    Hi,
    CUA is only for user administration of all the systems from one system. Yes once you change the password of the child system from a central system it is automatically distributed to the child system.
    Please check with the link below for better understanding:
    http://help.sap.com/saphelp_nw04s/helpdata/en/fa/0ec43b5d091b3de10000000a114084/frameset.htm
    Regards,
    Pavan

  • SAP CUA connector changes password in master system AND child systems?

    Please confirm if OIM can change the password in both SAP CUA master and child systems through SAP CUA connector. The connector guide mentions the following parameter can be defined in SAP CUA IT Resource.
    Parameter: SAPChangePasswordSystem Flag that accepts the value X or ' '
    If the value is X, then the password is changed
    only in the master system. If the value is ' ', then
    the password is changed in both master and child
    systems.
    This parameter is used by the Reset
    Password function.
    Thanks!

    Hi,
    1) You can use report RSCCUSND to distribute users from CUA to child client. Check section "Sending User Master Data to a Child System" in the CUA cookbook (http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/fe4f76cc-0601-0010-55a3-c4a1ab8397b1?quicklink=index&overridelayout=true).
    2) If the user account has not been synced to CUA then you should be able to delete it in the child system. The button should be displayed for unsynced users. You can use transaction SCUG to sync users between the new child system and CUA. Check section "Transfering Users from New System" in the CUA cookbook (http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/fe4f76cc-0601-0010-55a3-c4a1ab8397b1?quicklink=index&overridelayout=true).
    Cheers

  • Push SAP passwords to all child systems

    Hi,
    I use IDM 8.0 to connect a CUA.
    Has anybody been able to push IDM password to CUA and all child systems (ECC, BI, SAP Portal, Solution Manager...) ?
    I can only change password on the CUA but not on the child systems the users have access to.
    When I change a user password in IDM, I can see in SAP logs that the password is changed in the CUA (if the user has access to the CUA, which is not the case for all the users) but instead of changing the user password in the child systems it only tries to unlock it (which is useless).
    Any help ?
    Thanks,
    Ben

    For your information, looks like it was a bug corrected in IdM 8.0 patch 8.
    I didn't try it so I can't confirm it works now.
    Ben

  • Integrate GRC 10.1 with CUA and how to import roles from CUA & Child systems into GRC for provisioning

    Hello,
    I am trying to integrate CUA into our GRC 10.1 system through the below steps and so far I have completed the below steps following SAP Notes 1680108 and 1616121:
    1. Connected CUABOX to GRCBOX like a plug-in system.
    2. Updated CUA Global System and CUA Model Distribution in Maintain CUA settings under User Provisioning.
    3. Next I am trying to import the roles from CUA(CUABOX) into GRC(GRCBOX) to be able to provision roles in CUA Child Systems(ECCBOX).
    After reading a few discussions in SCN, I have figured that we have to download a template in Role Import and populate it accordingly to upload the CUA child system roles into GRC system for provisioning in CUA Child Systems.
    Unfortunately, this template has multiple fields and I am unable to determine the fields that should be populated as CUA Global System and CUA Child System to import into GRC. Also, when we upload CUA Child System Roles template what selections should be made in Role Import window.
    Any help in this regard is very helpful.
    Thank you,
    Pawan

    Hi Alessandro,
    I have "Create user if does not exist" setting checked for both change action and assign role action and also have CUA enabled. Here is the list of steps that I am performing:
    1. Create an access request for new account, T-CUA_CHILD and select a role from a child system ECC Z_ECC_ROLE_IN_CHILD_SYSTEM.
    2. Approvals provided to assign the ECC role.
    3. I see the following in GRFNMW_DBGMONITOR_WD.
               Auto provisioning activity at end of request at Path GRAC_DEFAULT_PATH and Stage              GRAC_SECURITY
                   New User:T-CUA_CHILD created in System(s): ECC (created without role assignments)
                   T-CUA_CHILD User does not exist in target system CUA
    GRC created an account without role assignment in ECC but also threw me an error that the user does not exist in CUA.
    However, if I select roles from both CUA and ECC it creates the account in both systems with the selected role assignments.
    So I am wondering if there is a way to provide CUA access to users by default for new account request types. I have tried setting up default roles for CUA but it does not assign the roles by default until I select the CUA system.
    Thank you for your help!
    Pawan

  • Optimum Child Systems for each CUA

    Hi, Is there a limit to the number of child systems a CUA server can administer ?
    Or Is there a recommended number for optimum performance ?
    Thanks

    Hi,
    Setting up the number of child systems depends on your system landscape and the number of clients you are maintaining in each system.
    Further, it depends on the budget you have; if you have enough budget you can set CUA in the system where Solution Manager is running or set CUA as an independent running system.
    We have 3 system landscapes with DEV QAS and PRD and CUA is set up on the PRD system.
    For the performance issues you need to fine tune your CUA system and you will find many threads in the forum.
    Rakesh

  • To get the logical system names of all the child systems in a CUA environment

    Hi Gurus,
    Is there any table where we can find the logical system names of all the child systems in a CUA environment?
    This is for a requirement that I need to develop an automated process where we can reset the password of all the child systems in a CUA environment at once when requested by the user.
    I found some tables such as V_TBDLS, but they do not contain the exact information that I need.
    Thanks in advance ,
    Harshit Rungta

    Hi,
    You are on the right track. BD54 will show you the logical system name for all the existing systems in CUA.
    Else you can also go to your CUA system and execute t-code SALE --> Basic Setting ---> Logical Systems ---> Assign logical system to client --> Display details
    Here you can see logical system names for all the clients assigned to CUA.
    Thanks,
    Deb

  • Users were re-created in Child systems not in Central System (CUA)

    Hi,
    The set of users was deleted some time back and today I verified in the child system (PROD) with criteria as list of users without roles/profiles; then I found a set of users in child systems.
    Whereas those user master records are not showing in the Central System (CUA).
    I verified the change document; it is showing the deleted date, and some time later it was created again with no roles and profiles. On the same date all the other users also got created.
    Then I have checked the change document of a user and verified whether any IDOC was generated in the central system at that time and date, but I didn't find anything...
    I was expecting that the old IDOCs which are in status "distribution unconfirmed" with of the user and later there would be happen many changes for that user and which are get reflected in child system but the IDOC which was in unconfirmed status. When anyone tries to execute the process through BDM2 or BD87 for that IDOC then again there would be a chance of re-building the user account..... But one thing I was confused about is: if the old IDOC gets re-generated then it has to be shown in the CUA system also?
    It was strange issue, so please let me know what the reason behind it.....
    Please help me out...
    SV

    >
    Nishant Sourabh wrote:
    > I assume BD87 was executed in the child system and the idocs were manually processed which created these ids back again ....not sure if that is what happened. never seen something like that.
    Hi Nishant,
    what you are writing is the most common situation of how these users got 'recreated'.
    If you have a look at the method for user change idocs, you will notice, that it is the same method for creation and changing (CLONE).
    So if you have an unprocessed change idoc in the child system and you delete the user (successfully) and reprocess this idoc in the child system locally, the user will get 'recreated'.
    b.rgds,
    Bernhard
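
The re-creation scenario described in this thread can be checked for after the fact; the following is an added example, not part of the original thread and not SAP code. It assumes the child system's user change documents and its inbound IDoc list have been exported to simple records; the record layout, field names, user IDs and IDoc IDs are hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; the layout is hypothetical, not SAP table columns.
CHANGE_DOCS = [  # (user, timestamp, action) from the child system
    ("JDOE", "2014-03-01 09:00:00", "DELETE"),
    ("JDOE", "2014-05-12 14:30:05", "CREATE"),
    ("ASMITH", "2014-02-10 08:00:00", "DELETE"),
    ("ASMITH", "2014-05-20 10:00:00", "CREATE"),
    ("ASMITH", "2014-05-20 10:01:00", "ROLE_ASSIGN"),
    ("BLEE", "2014-01-05 11:00:00", "CREATE"),
]
IDOCS = [  # (idoc_id, user, created_at, processed_at) in the child system
    ("IDOC-0001", "JDOE", "2014-02-27 16:00:00", "2014-05-12 14:30:00"),
    ("IDOC-0002", "ASMITH", "2014-05-20 09:59:50", "2014-05-20 09:59:58"),
]
FMT = "%Y-%m-%d %H:%M:%S"


def _ts(text):
    return datetime.strptime(text, FMT)


def find_replayed_users(change_docs, idocs, window=timedelta(minutes=5)):
    """Flag users re-created after a deletion by an IDoc older than the deletion.

    A match needs three things: a DELETE followed by a CREATE for the same
    user, an IDoc for that user created *before* the deletion, and that IDoc
    processed within `window` of the re-creation.
    """
    events = {}
    for user, ts, action in change_docs:
        events.setdefault(user, []).append((_ts(ts), action))

    findings = []
    for user, evs in events.items():
        evs.sort()
        last_delete = None
        for i, (ts, action) in enumerate(evs):
            if action == "DELETE":
                last_delete = ts
            elif action == "CREATE" and last_delete is not None:
                stale = [idoc_id for idoc_id, u, created, processed in idocs
                         if u == user
                         and _ts(created) < last_delete
                         and abs(_ts(processed) - ts) <= window]
                if stale:
                    findings.append({
                        "user": user,
                        "deleted_at": last_delete,
                        "recreated_at": ts,
                        "stale_idocs": stale,
                        # Re-created accounts in the thread had no roles.
                        "has_roles": any(a == "ROLE_ASSIGN"
                                         for _, a in evs[i + 1:]),
                    })
                last_delete = None
    return findings


if __name__ == "__main__":
    for finding in find_replayed_users(CHANGE_DOCS, IDOCS):
        print(finding)
```

In the sample, ASMITH is not flagged because the IDoc that re-created the account was generated after the deletion, which is what a normal re-creation from the central system looks like.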

  • How to delete users in the child systems with CUA?

    Hi All,
    We have:
    1. My SAP ERP 2005 (ECC 6.0) + Windows 64bit + Oracle 10
    2. EP 7.0 + Windows 64bit + Oracle 10
    3. BI 7.0 + Windows 64bit + Oracle 10
    4. Solution Manager 4.0 (CUA)
    We manage all our QA and DEV users in ECC, EP using CUA from the Solution Manager server (Productive servers and all the BI 7.0 System Landscape aren't in the CUA).
    My problem is when I want to delete a user. Sometimes if you delete a user in the Solution Manager (where the CUA is defined) the user still exists in the Child Systems. In fact you can see it with SU01 only in the child system. I guess the idea is that if you delete the user in the CUA then the user is deleted in the child system.
    I found this information in the SAP Help:
    As well as the authorizations already mentioned, you also need another authorization in the central system for object S_USER_SYS. You can only assign new systems to a new user with this authorization. ( No Problem with this )
    When a user is deleted in the central system, the system entry for the user is retained until the deletion is confirmed. If an error occurs, you can repeat the deletion by canceling the system (in the child system).
    What does "deletion is confirmed" mean?
    Best Regards,
    Erick Ilarraza

    Hi, thanks a lot for your reply.
    We used the SAP Transaction SCUG to solve CUA Problem.
    It is something about the refresh of the user in the Parent / Child systems, you need to Re-Refresh users and delete it again.
    Best Regards,
    Erick Ilarraza

  • Users created in CUA does not distribute to child systems

    Hi
    I searched this forum and after pulling my hair for 2 days I am asking this question. I created a user in CUA and gave him child system access with the necessary roles.
    I was under the impression that the user will get replicated / distributed automatically to the child systems which I selected at the time of user creation in CUA
    But it does not happen. I log in to the child system and search for the user. It says User does not exist. I saw SCUL in CUA and the log shows a grey icon next to the username and when I place my cursor on the icon, the text comes "Distribution unconfirmed"
    What am I missing? Everything looks ok to me
    Why is the user or users not getting replicated or distributed to the child systems with the necessary roles / profiles?

    >
    Jackofalltrades wrote:
    > 2. Also the communication user from Client to CUA is getting locked very frequently. When I do a text comparison from CUA, it always pops the username and password login screen and then I have to enter it and the text comparison happens. I don't know what that happens
    >
    > Any ideas for point 1 and 2 ?
    Hi,
    that is an indication that the RFC-connection is not defined properly. As soon as it does not work, you will get the login screen (on the login screen the default client (503) is filled automatically, but that has nothing to do with the problem you have).
    First check the password of the RFC-user you use. Simply change this user to type 'dialog' and try to log on with the password you know. If that works, reenter this password in SM59. Perform the authorization test in SM59 afterwards. Mind possible upper/lowercase problems with the password depending on the releases your systems are on.
    You can also try to perform a remote login through SM59 to make sure that you can log on with that RFC-user (as long as he is of type dialog this will work). If the rfc-user gets locked frequently, then something is wrong with the rfc configuration. In most cases the entered password is simply wrong.
    Check this first!
    b.rgds, Bernhard

  • CUA Roles residing in Child system are not showing in Central System

    I just hooked up CUA today and have linked 8 child systems to the central system.  The 8 child system users and roles have already been established in the child systems.  Do I need to run program susr_zbv_get_receiver_profiles in each of the child systems to get the roles in the child systems to show up in the Central System for each user?  I tried this in one child system and it worked.
    Or is there something else I need to do without going into each child system?
    I tried this program susr_zbv_get_receiver_profiles in the Central system but it did not work.

    Are you looking for roles or profiles? Profiles will not show up in the central system. If you run SCUL do you see anything? When you first added the child system did you use an SAP user that had the proper permissions? In both the child and the parent? There are two roles that the user must belong to in order to add the child to the parent; they are SAP_BC_USR_CUA_SETUP_CENTRAL and SAP_BC_USR_CUA_CENTRAL.
    If you have any question about the permissions of these users at the time you added the child to the parent I'd delete the child and re-add with either the above roles or a user with SAP_ALL in BOTH the child and the parent systems

  • For SU01 automatically addition of field extension with  "0" in child system

    Hi
    Ids and roles are created through CUA and then it is distributed in the child systems. However in one of the child system, the users are automatically assigned a value 0 in extension field of SU01. This is then not allowing the program RSEOUT01 to be executed in the CUA system.
    We checked the error message in SCUL and it says " No telephone number entered ".
    Can anybody help?
    Regards

    Hi Saurabh,
    This is due to Company address set-up.
    Here is the Solution:
    1. Log in to the respective Child system and go to transaction SUCOMP.
    2. Remove the Extension number here, then save.
    Note: When there is an extension, the system will ask for a telephone number.
    Regards
    Kiran.S

  • CUA client doesn't know any profile/role anymore after adding child system

    Hi,
    I did set up a CUA client on our Solman system. The client is client 500 which has been copied over from 000 via the SAP_CUST profile.
    In this client 500 I did create some users with the SAP_ALL profile, so no problem here.
    After adding a child system to the CUA, it seems that if I want to create a new user in the CUA client 500 it doesn't know any role/profile anymore which is standard available in this client.
    In PFCG I can find a lot of standard roles, but when adding one via SU01 I do get the error that it doesn't exist. The same goes for the profile SAP_ALL.
    Just to be clear, adding profiles or roles from child systems is not a problem, just adding roles or profiles for the CUA client itself doesn't seem to work anymore.
    I had this problem on a 7.0 solman system and now also on a 7.01.
    Did anyone have the same problem?
    Thanks,
    Gregory

    Hello Georges,
    I have exactly the same issue.
    I have created a new CUA. I have copied the 001 client to the 333 client, using the SAP_ALL profile.
    Now, from the CUA client (333), I cannot add any roles or profiles to my user.
    I have created an RFC D1CCLNT333, but it did not resolve the problem.
    Did you do anything else to fix your issue?
    Thanks
    Best regards
    CP2009

  • CUA and SU10: unexpected deletion in all child systems

    Hi,
    I am facing a problem with SU10 and CUA.
    I have updated a lot of users with SU10 in CUA. For 20 users in a child system, I first add a new role, everything is fine. Then I perform a removal of an old role (I know that the end date will be changed), everything is fine except for one user. All roles were removed from all systems where the user is defined! However, when I look in each child system, it is not the case, the roles are well present except in the child system for which I do the removal.
    This problem occurs twice, for different users. It is a real problem because we have to adapt a lot of users.
    I have reinstalled the 'missing' roles with SCUG and with the change document for users but it can be a workaround because I have discovered this by chance. I can imagine check all users after each run of SU10.
    Hope someone can help me.
    Regards

    Hi Olivier,
    that sounds like you are facing the problem corrected with SAP note #1117530......
    The removal shows up only at the next change of a user; the actual deletion of role assignments because of the copy might have happened already some time ago.....
    b.rgds, Bernhard
