SAP Admin Tips: How to Implement CUA

One of the drawbacks of SAP that I have ran into is due to the numerous amount of clients you can create across multiple systems. This can result in users having multiple accounts for you to manage. Thankfully, there is a solution to this. Enter Central User Administration, aka CUA.

The necessary steps required to implement CUA are, fortunately, not very difficult assuming you have proper authorizations to the systems.

I. Specify Logical Systems
1. Log into the SAP client that will be the Central System.
2. Run transaction BD54.
3. Create new Logical System names for every client that will be part of CUA (Central and all Children) using the following naming convention:
    [System ID]CLNT[Client]
    Example: ITDCLNT100
4. In each Child System, add a Logical System name for the Central System using the method specified above.


II. Assign Logical Systems to Client
For each client that will be part of CUA, perform the following steps:
    1. Run transaction SCC4
    2. Switch to Change mode
    3. Double-click on the client for Details
    4. Specify the Logical System name


III. Create System Users
A.) In the Central System, create the following user:
    UserID: CUA_[System ID]
    Roles Assigned:
        - SAP_BC_USR_CUA_SETUP_CENTRAL
        - SAP_BC_USR_CUA_CENTRAL
        - SAP_BC_USR_CUA_CENTRAL_BDIST
B.) In each Child System, create the following user:
    UserID: CUA_[System ID]_[Client]
    Roles Assigned:
        - SAP_BC_USR_CUA_SETUP_CLIENT
        - SAP_BC_USR_CUA_CLIENT


IV. Create RFC Destinations
1. Log into the Central System.
2. Run transaction SM59.
3. For each Child System, create a new RFC Connection with settings similar to the following:



4. Ensure that the User under Logon & Security is the account you create in Step III-A for the Child System.
5. In each Child System, create an RFC Connection back to the Central System.


V. Create CUA
1. Log into the Central System.
2. Run transaction SCUA.
3. Enter the name of your distribution model, such as “CUA.”
4. Choose Create.
5. Enter the name of the Child Systems.
6. Save.


VI. Synchronization of Company Addresses
1. Log into the Central System.
2. Run transaction SCUG.
3. Right-click on the first Child System and choose to Synchronize Company Addresses, repeat for each Child System.
4. From the main screen of SCUG, click the Company Addresses button to distribute them to target systems.


VII. Transfer Users
1. Log into the Central System.
2. Run transaction SCUG.
3. Right-click on the Central System and choose to Transfer Users.
4. Select all New and Changed users and choose Transfer Users.
5. Repeat for each Child System.


VIII. Create Partner Profile for Logical System
For each Child System, perform the following steps:
    1. Run transaction WE20.
    2. Create a new Partner Profile under the Logical System (LS) category with settings similar to the following:



    3. Define the following Inbound Parameters:
        Message Type: USERCLONE
        Process Code: BAPP


Once you have all of these steps complete, you should be able to perform all user administration from your Central System. Within transaction SU01 you will have a new tab called Systems which will allow you to give a user access to any system within CUA. You will also be able to assign Roles per system. For example, a user could have SAP_ALL within your Development system and Display Only within your Production system, all managed through your Central System. No more logging into each individual system for user administration.

Read More

SAP Admin Tips: How to Create a Copy of a Standard SAP Transaction

There may come a time within SAP where you will need to create a copy of a standard transaction in order to customize it to your specifications. Surprisingly, making a copy of a transaction is not as difficult as one may imagine.

Note: You may need to create your own Package to store these changes into. If you do not, then you may be able to choose "Local Object" when prompted.

The first thing you will need to do is determine what underlying program is called from the transaction you wish to create a copy of. This can easily be done by running transaction SE93, imputing the desired transaction (OS01 in my case), and clicking Display.

Note: It may be best to either screenshot or document the settings displayed for the transaction. Make sure you also click on the 'Values' button in order to get the Authorization Object's required values.

Now that you know what the program's name is, RSHOST14 in our case, you can go to transaction SE80 in order to access the ABAP Workbench. From the initial screen, you will need to select "Program" from within the drop-down and then type the program name within the text field. Click the Display button (glasses) in order to view the program.

Now that the object data is shown for the program, you can right-click on it and select "Copy" from the available list of options.

Ensure that the source program is correct and then enter the name you wish to use for the new transaction (starting with a "Z").

From the next screen, select all of the elements you wish to copy over to the new transaction. In this case, I have selected everything.

At this point, you may be prompted to add this object to a Package. You can either use one that you have created, or you can try to use "Local Object."

Now that we have a successful copy of the original program, we will need to assign a transaction to it. Remember that transactions merely call underlying programs. To do this, you can right-click on the new program's name, hover over the "Create" option, and select "Transaction" from the list.

Now you will be able to give your new transaction a proper name and give it a descriptive short text. You will also need to select how you want it to start. For this particular program, you will need to select "Program and selection screen."

We're almost done with this. Remember the program data I told you to screenshot or document? Now we need it.

On the final screen, you will need to fill out each and every field similarly to how the original program data was. The following image shows what was required for a copy of OS01.

All that's left now is to right-click on the program and select "Activate," activating all of the objects within it. Once you're done, click Save.

If everything went smoothly, you should now be able to run your new transaction and see an identical screen to the original.

Good luck and have fun!

Read More