In complex system landscapes with multiple systems and clients, the administration cost for keeping the user master records in the systems consistent and up-to-date is very high. Employees join the company, resign, or change jobs within the company. Users must usually access several systems and clients in order to perform their business tasks, and therefore require multiple users.
Since user master records are client-specific, they must be maintained in each client of each and every system. For example, if you want to create a new user, you must create it manually in all the clients of all of the SAP R/3 Systems in which it should be valid.
User master records can be maintained centrally in one client of a system. If a new client is built as a copy of a maintenance client, the new client can initially be filled with the user master records of the maintenance client. During this copy, the roles of the maintenance client are copied together with the user master records. However, you cannot select which users should be copied and which should not. The user master records also cannot be automatically synchronized sequentially.
Since user master records are client-specific, they must be maintained in each client of each and every system. For example, if you want to create a new user, you must create it manually in all the clients of all of the SAP R/3 Systems in which it should be valid.
User master records can be maintained centrally in one client of a system. If a new client is built as a copy of a maintenance client, the new client can initially be filled with the user master records of the maintenance client. During this copy, the roles of the maintenance client are copied together with the user master records. However, you cannot select which users should be copied and which should not. The user master records also cannot be automatically synchronized sequentially.
Advantage of having CUA:
1. Administration of a whole system landscape from one single central system
2. Overview of all user data in the whole system landscape
3. Consistent user data in the whole system landscape
4. Additional local maintenance still possible
1. Administration of a whole system landscape from one single central system
2. Overview of all user data in the whole system landscape
3. Consistent user data in the whole system landscape
4. Additional local maintenance still possible
CUA in separate system vs. in PRD
Advantages
Access to user management can easily be controlled
No performance impact on PRD system
Independence from planned downtime of PRD system
Independence from PRD system release (higher release with more functionality can be used) Maintenance activities of CUA central system (e.g. import of support packages) has no impact on PRD
Disadvantages
Additional hardware and administration cost
Advantages
Access to user management can easily be controlled
No performance impact on PRD system
Independence from planned downtime of PRD system
Independence from PRD system release (higher release with more functionality can be used) Maintenance activities of CUA central system (e.g. import of support packages) has no impact on PRD
Disadvantages
Additional hardware and administration cost
CUA in PRD
Advantages
No additional hardware and administration cost
Disadvantages
Performance impact on PRD system
No user administration during downtime of PRD system.
PRD system release determines CUA functionality (no higher release can be used)
Maintenance activities of CUA central system (e.g. import of support packages) causes downtime of PRD system
Access to user management can be controlled only if separate client on PRD server is set up
Advantages
No additional hardware and administration cost
Disadvantages
Performance impact on PRD system
No user administration during downtime of PRD system.
PRD system release determines CUA functionality (no higher release can be used)
Maintenance activities of CUA central system (e.g. import of support packages) causes downtime of PRD system
Access to user management can be controlled only if separate client on PRD server is set up
Pro & Cons: Single CUA
Advantages
Requires little resources (hardware and/or disk space)
Consistent user master data in the whole system landscape
One single point of administration and control
Disadvantages
Maintenance of CUA central system has immediately impact on production –no test of CUA functionality possible
Unavailability of CUA central system has impact on the whole system landscape
Planned downtime of CUA central system has to be confirmed by all system owners
High volume of user data and high number of changes to user master records (e.g. caused through client copy in DEV) can result in decrease of performance of the CUA central system
Not suitable for customers where responsibilities for user administration are organizationally split based on systems
Organizational challenges
Technical CUA configuration does not match the organization of the user administration
Conflicts due to unclear responsibilities for user management
User administrators are not trained in CUA usage
Advantages
Requires little resources (hardware and/or disk space)
Consistent user master data in the whole system landscape
One single point of administration and control
Disadvantages
Maintenance of CUA central system has immediately impact on production –no test of CUA functionality possible
Unavailability of CUA central system has impact on the whole system landscape
Planned downtime of CUA central system has to be confirmed by all system owners
High volume of user data and high number of changes to user master records (e.g. caused through client copy in DEV) can result in decrease of performance of the CUA central system
Not suitable for customers where responsibilities for user administration are organizationally split based on systems
Organizational challenges
Technical CUA configuration does not match the organization of the user administration
Conflicts due to unclear responsibilities for user management
User administrators are not trained in CUA usage
CUA- Installation
Introduction
Clients with very complex landscape with multiple landscape and multiple clients, maintaining the entire environment become very challenging. Using Central User Administration (CUA), you can maintain user mater records centrally in one system. Changes to the information are then automatically distributed to the child systems. This means that you have an overview in the central system of all user data in the entire system landscape. Distribution of the data is based on a functioning Application Link Enabling landscape (ALE Landscape). In this way, data can be exchanged in a controlled manner and is kept consistent. An ALE System Group is used by the Central User Administration to distribute user data between a central system and child systems linked by ALE.
Central User Administration (CUA) data is distributed asynchronously between the application systems in an ALE environment. This ensures that it still reaches the target system even if it was unreachable when the data was sent.
One system in the Central User Administration (CUA) ALE environment is defined as the central system. The central system is linked with every child system in both directions. The child systems are not linked to each other, with the exception of the central system, which is itself a child system, from the point of view of Central User Administration.
Clients with very complex landscape with multiple landscape and multiple clients, maintaining the entire environment become very challenging. Using Central User Administration (CUA), you can maintain user mater records centrally in one system. Changes to the information are then automatically distributed to the child systems. This means that you have an overview in the central system of all user data in the entire system landscape. Distribution of the data is based on a functioning Application Link Enabling landscape (ALE Landscape). In this way, data can be exchanged in a controlled manner and is kept consistent. An ALE System Group is used by the Central User Administration to distribute user data between a central system and child systems linked by ALE.
Central User Administration (CUA) data is distributed asynchronously between the application systems in an ALE environment. This ensures that it still reaches the target system even if it was unreachable when the data was sent.
One system in the Central User Administration (CUA) ALE environment is defined as the central system. The central system is linked with every child system in both directions. The child systems are not linked to each other, with the exception of the central system, which is itself a child system, from the point of view of Central User Administration.
Setting Up Central User Administration
To set up Central User Administration (CUA), perform the procedures described below.
To set up Central User Administration (CUA), perform the procedures described below.
Steps to Set Up the CUA
Specify Logical Systems
Assign Logical Systems to a Client
Create Communication Users (ADM_CUA)
Create RFC Destinations
Set Distribution Parameters for Fields
Synchronize
Specify Logical Systems
Assign Logical Systems to a Client
Create Communication Users (ADM_CUA)
Create RFC Destinations
Set Distribution Parameters for Fields
Synchronize
Company Addresses
Create CUA
Transfer Users
Create CUA
Transfer Users
