CUA setup

Hi All,
I followed directions for setting up CUA exactly as listed here:
http://help.sap.com/saphelp_47x200/helpdata/en/fa/0ec43b5d091b3de10000000a114084/frameset.htm
I have only one system (IDM) with two clients (100 and 101).  Client 100 is my Central System and Client 101 is the Child system.
After creating all RFC destinations and communication users with the correct authorizations, I go to SCUA to set up the CUA. 
I enter IDMCLNT101 (my logical system for client 101) as a recipient and click SAVE.  In the Display Logs I have errors:
Error when saving the ALE distribution in child system IDMCLNT100.
IDMCLNT100 is my central system.  Is this error relevant?
I am still able to create users with SU01 on Client 101.  Something must be wrong.  Does anyone have any ideas?
Thanks!

Are you sure you need this setup even between clients of the same system? You don't need any special RFC connection between the clients of the same system, am I right? See the following documentation.
Setting Up Logical Systems
Systems of the Central User Administration (CUA) are referred to using logical system IDs. In the SAP sense, a logical system is a client. Therefore you must first set up logical system names that you then assign to the clients in the SAP systems.
It is possible that the logical system name already exists because you have already included the system in an ALE distribution. You can then ignore the procedures Define/Set Up Logical System and Assign Logical System to a Client.
This maintenance is cross-client; that is, you only perform it once for each SAP system. If your logical systems are clients of the same SAP system, you only need to perform this step once.

Similar Messages

  • How to find history of CUA setup and usage

    Hi there,
    A client is asking me to find out who connected a satellite system to the CUA system, and then who deleted it again. Does anyone know where to find this history of CUA setup? Transaction SCUL doesn't help, as the satellite system says it isn't part of any CUA, and on the CUA system itself SCUL doesn't show anything for the sat. system. Anyone have any ideas?

    Hi,
    I don't think that there are any logs available. The only thing I can imagine is to find out who connected a client to the CUA master.
    Start WE20 -> partner type LS -> select child system -> open userclone -> change to tab 'Post processing: permitted agents'. In the agents field you should find the user who connected that child (generated partner profile).
    Normally it is forgotten to remove the WE20 entries after deletion of the CUA model, so this information should still be available. Then interview that user about when, what, how, why,...
    b.rgds, Bernhard.

  • CUA setup for a refreshed system copy

    If I copy a system that is under CUA, do I have to remove CUA first?
    Or can I copy the system and on the target system, delete the CUA?
    What is the best practice for system refreshes and CUA?
    Thanks
    Weyland

    Hi,
    Yes, you have to detach the CUA first, before starting with client copy, to avoid inconsistency.
    Like Client Copy profile includes User Master Records from the source client (SAP_ALL or SAP_USER profile), you should deactivate CUA in the target client. Otherwise, the users in the target client will remain untouched. If you don't need to copy the User Masters from the source, use a client copy profile that excludes User Master Records.
    Also check the pending IDocs to be processed in the target client before detaching from CUA. Correct the logical system name and RFC after system copy to make it functional with CUA again.
    Cheers

  • Table used for storing roles/profiles assignment in CUA landscape

    Hi,
    Following is my CUA setup:
    master client - 999 of SRM 4.0
    child client - 101 of ECC 5.0
    child client - 202 of SCM 4.1
    In CUA all distribution works on its logical name assigned to the respective client.
    Here is my question:
    Let's say user 'XYZ' in the master client is assigned single as well as composite roles and composite profiles, assigned in the master as well as the child system.
    Please tell me in which table SAP maintains this relationship, that is, which CUA client a composite role/profile is from.
    From my findings, the tables which store the roles and profiles from the master and child systems are USRSYSACT & USRSYSPRF.
    But I am not able to find the table which stores the role-to-user and user-to-profile assignments in a CUA setup. Can someone please help me?
    Thanks,
    John.

    Hi, check the tables:
    USR10 - role definition
    AGR_PROF - Profile for Roles
    AGR_TEXTS - Role descriptions
    AGR_USERS - Assignment of roles to users
    AGR_DEFINE - Auth profiles
    If needed, see other tables with USR* and AGR_*
    Reward points if useful
    Regards
    Anji

  • CUA on SolMan, issue with BI

    Hi all,
    Question:
    My client wants a CUA on SolMan.
    When I set this up I stumble upon a small problem.
    CUA needs RFC connections to all connected clients; these RFCs should have the exact name of the Logical System Name of the client. Furthermore, they need a user with specific authorizations in it.
    So for my system with SID SOL and productive client 100 I will get an RFC named:
    SOLCLNT100 (which is the same as the LS in SCC4).
    Now 100 is also my BI client, and it also uses this RFC.
    So configuring this as mentioned in the CUA setup guide gives me a conflict...
    Any ideas or suggestions?
    Can I avoid issues by adding authorizations to the user configured in this RFC?

    Hi,
    It would be more logical to create one separate client in Solman and configure CUA there, without affecting your already defined Solman setup.
    The dedicated CUA client also helps your security by giving only the respective people access to the client; this saves a lot of trouble.
    Jansi

  • SAP CUA

    Hi All,
    I am currently working on SAP CUA.
    I wanted to know where the data for CUA is stored in the case of roles and profiles.
    There are two tables I came across:
    a) USRSYSACTT (has language as one of the columns)
    b) USRSYSACT
    Which table should be used to check the profiles?
    What is the difference between the two?
    Is the data in both consistent?
    Best Regards
    Manoj

    Hi Alex,
    Thanks for the reply.
    I will explain the scenario in more detail.
    Imagine there is a SAP CUA setup.
    Admin system ==> ADMCLNT800
    Child system 1 ==> CH1CLNT800
    Child system 2 ==> CH2CLNT800
    System ADMCLNT800 has data as
    a) role1
    b) role2
    c) profile1
    d) profile2
    System CH1CLNT800 has data as
    a) role3
    b) role4
    c) profile3
    d) profile4
    System CH2CLNT800 has data as
    a) role5
    b) role6
    c) profile5
    d) profile6
    Now each of them will have its own data repository specific to it, like users, profiles, roles.
    But I am interested in the CUA data repository, which I think would be in the admin system, containing all the above data in a master place.
    Now I am interested in knowing this table.
    Please let me know if the scenario is clear.
    Best Regards
    Manoj

  • Problems in CUA..

    Hello,
    We are facing some problems with CUA setup.
    Last week we removed a child system from CUA and changed its SID, and now we are trying to add the system into CUA.
    When the system is added through SCUA in the Central system it goes fine without a single error, but the system is not found in the SCUA list in the child system. Also, when we add the system with the new SID in the central system, it shows the old SID and not the new SID under the SAP Systems column.
    We are able to transfer users from the Central system but not able to modify users from the Central system.
    All steps were followed as per SAP docs when deleting the child system from CUA.
    Could someone share your thoughts/ideas on the above problem?
    Thanking you in advance.
    Regards,
    Yoganand.V

    Hello,
    Child system was deleted as per SAP docs. Why do I need to run RSDELCUA in child system?
    The point I forgot to say is the system we copied (the old system) is still active in the landscape but not connected to CUA. CUA is our SOLMAN system where we have SLD running; is this causing CUA to read the old system's data? The new system is not added to SLD yet.
    Please share your thoughts.
    Regards,
    Yoganand.V

  • Need advice on CUA strategy

    Hi All,
    I would like to come up with a CUA strategy for an ECC three-system landscape (D, Q, P). As I understand, the best practice is to have a CUA master on each landscape, D, Q and P, but as far as I know this is helpful in a complex environment, and the other advantage is that testing and verification can be done.
    Since we are using the ECC component, what's the best strategy to set up CUA? Should we have only a single central CUA for the entire ECC landscape?
    Any feedback is mostly welcome.
    Thanks.

    Hi Nicholas,
    There is no mandate that the CUA should be set up in the D, Q & P systems separately. However, it is advised to do so since the amount of change documents in the central system is larger. In fact, it is one of the reasons why most of the time the Central system is set up in D systems.
    Further remember the following points:
    1. What is your userbase?
    2. How many clients will be participating in the CUA setup?
    3. Amount of the changes done in a day (to consider whether to breakup the CUA or setup a single CUA landscape).
    4. Roles that are assigned to the users? If there is a major change in the roles that you assign from D to P, then setting up individually is recommended.
    5. Bandwidth - How well you can manage the setup.
    Hope this clarifies!!
    Best Regards,
    Raghu

  • Transfer Users from Clients 000, 001 & 066 Into CUA

    I have CUA set up and currently I have all clients in all systems in CUA except for clients 000, 001 & 066. My first thought is to add these clients to CUA and transfer users sap* & ddic. It seems to be a good way to make sure the 2 accounts' passwords are easily changed and managed across the board. I already have trusts to all of the systems so it would be very easy to bring in these clients without much work. Are there any downsides to bringing in these clients and transferring sap* & ddic?

    Hi Robert,
    Here is my opinion :
    I, personally, do not feel that activating CUA for 000, 001, 066 is a good idea. I would consider other options than CUA to ease 000, 001, 066 maintenance. If, for some reason, I have to use CUA for 000, 001, 066, I would create a specific client in a central CUA for management of only these three clients but not the others.
    Regards,
    Mike

  • CUA  - Single CUA

    I was looking for advantages/disadvantages of CUA and I found this on SAP Security Online, but I need someone who knows CUA to verify that it is a disadvantage of a Single CUA.
    It said: "Maintenance of CUA system has immediate impact on production, no test of CUA functionality possible."
    Can someone give me an answer on this and tell me why a test of CUA functionality cannot be done without an immediate impact on production?
    Any chance someone could answer this today?
    Thanks for your help!

    That is one of the reasons I prefer to have separate CUAs.
    If I need to make a change to a CUA setup, I can test it in a non-prod landscape to make sure that those changes are suitable for prod (assume that settings are the same etc.). If they are, then it's fine to go ahead.
    If my prod system shares a common CUA with all other systems, then any changes I make to that CUA will have an effect on the systems linked to that CUA, including my prod system; therefore my prod system is the recipient of untested changes.
    Like all changes, by testing in a non-prod environment, any changes that have a detrimental effect get picked up before either user data (unlikely in my experience) or operational stability of CUA in production (more likely) are compromised.
    In the grand scheme of things it's not a huge issue, but from a change management, segregation & control of environments perspective I find it beneficial to have separate CUAs.

  • New role in CUA user record not getting pushed to child system

    I added a new child system to our CUA setup. I've confirmed that the RFC connections from both sides are working properly (test connection succeeds) and I've successfully completed the user transfer function in SCUG. All existing roles assigned to the users in the child system are now appearing in the CUA central system as expected. I added a new role to a user via SU01 in the central system to this child system, but when I go to the child system, it does not appear in the user's SU01 record. Any ideas why this would not be syncing properly?
    Thanks,
    Michael

    Hi,
    Whenever you create a new role in the child system, it has to be synced up with the central system.
    To sync up with the central system, log in to the central system, go to SU01 -> enter any user name -> go to the Roles tab -> click on "Text comparison from child system". It navigates to another screen; there you have to mention the child system and click on execute. It syncs up with the child system. Hope it will help you to resolve the issue.
    If you are still getting the same issue, log in to the central system, go to SE38, enter the program name "RSCCUSND" and click on execute. There mention the user name and the logical system ID of the child system, select the parameters which you want to distribute to the child system, and execute it.
    Best Regards
    Mani

  • User locked as "(Globally) locked by system manager in the central system"

    Hello,
    I have an issue with unlocking a user ID in Production. When I am trying to unlock a user in the production system I am getting the message
    "(Globally) locked by system manager in the central system"
    Could you please tell me how to unlock the user in the regular way?
    There is no CUA setup in our landscapes, not sure what is wrong. Please assist immediately.
    regards
    jayu

    > There is no CUA setup in our landscapes, not sure what is wrong
    No CUA setup, but the error still shows locked by system manager in the central system. Anyhow, try to unlock the user by another method. Use tcode ewz5 to unlock the user... let me know whether it's working or not.
    > Could you please tell me how to unlock the user in the regular way?
    http://www.sap-img.com/basis/different-methods-to-lock-or-unlock-sap-users.htm
    Regards,
    Rafikul

  • No provisioning logs available

    Hi,
    I am on GRC 10.0 SP14, and configuring GRC with a CUA setup. However, I have run into an issue.
    We have the CUA on Solution Manager, so all the ARM requests are going through CUA, if the user has access to Solman, I mean if the user has a role assigned for SOLMAN system or has SOLMAN added in the systems tab of SU01 everything works fine.
    However, if the user does not have access to the SOLMAN system or does not have SOLMAN added in the system tab, GRC does not update the user and gives a message "No provisioning logs available"
    It is forcing us to create the user in SOLMAN which is totally useless for us.
    Need your help in addressing it.
    Best Regards,
    Silver

    Hi Silver,
    You do not need to create a SOLMAN account.
    In your CUA settings - is CUA marked as global system (active)? If so, please unmark it there and put the individual list of systems on the second tab (CUA model distribution). It should work.
    Let me know,
    regards,
    Filip

  • Deleted User recreation - Connected Profile Parameter

    When I try to create a user which was deleted I get a pop-up message "old sapoffice data found for this user name. do you want to copy this data to the new user? "
    1. I get this message only in some systems but not in all systems. What controls this pop-up message? Is there a profile parameter or a system setting which controls this?
    2. In a CUA setup, would this message pop up?

    Hi,
    When you try to create a user which existed in the system in the past and was deleted, then SAP automatically prompts you to check if you want to copy the old settings for that user. User history is stored in USH* tables.
    So you will not have this message everywhere in your landscape, only if that user ID existed in the system in the past.
    Cheers !!
    Zaheer

  • Client Delete and Logical System and CUA

    I'm getting ready to do some client clean up in prep for an upgrade from ECC 5 to ECC 6 soon.
    Currently we have a 3 system landscape: DV1 QA1 PR1
    Clients on these systems are as follows: (not including 000, 001, 066)
    PR1:100 - the production client
    QA1:100 - Integration Master - not used except for RFC connections for Solution Manager
    QA1:110 - Cycle 1 testing - not used
    QA1:120 - Cycle 2 testing - not used
    QA1:200 - Old training master client - not used
    QA1:201 - Old training client - not used
    QA1:710 - no longer being used for testing
    QA1:720 - client used for system and integration testing
    DV1:100 - Configuration - not used
    DV1:110 - ABAP development
    DV1:120 - Configuration
    DV1:700 - Template for test - not used
    DV1:710 - Test with prod data
    Most have a logical system defined for the client.
    I am going to delete those I've underlined above as they are no longer used.
    Some of these are setup in the CUA system.
    All are showing up in Solution Manager SMSY system landscape.
    My plan is to backup the system database first! 
    Then:
    1) Delete the client(s) (SCC5) one by one
    2) Remove the client from CUA (SCUA)
    3) Remove the logical name (SALE)
    What I am unsure about is the order of the process.  Should the CUA and ALE modifications come before actually deleting the client?
    Does this sound like a reasonable plan to clean up our client landscape?
    Thanks in advance for your suggestions and help.
    Laurie McGinley

    Dear Laurie,
    Order should be like below:
    1) Remove the client from CUA (SCUA)
    2) Delete the client(s) (SCC5) one by one
    3) Remove the logical name (SALE)
    Moreover, you should delete these clients from Solution Manager also, in order not to have error messages when you go to Solution Manager for doing anything on that system.
    Please revert back for any queries.
    Regards
    Shailesh Mamidwar
