1. 2. 3. 4. 5. 6. 7. 8. 9.

10. 11.

Central User Administration(CUA) configurationWhy do we need CUA ?CUA or central use administration is actually configured to save the money and resource to manage large and similar user exist in manysystem in the landscape .This tool help us to manage all the user master record centrally from on client of the system .

Complex system landscapes.Manual Maintenance of user information in all the available systems.Tedious Administrative taskComplex administrative job may lead to Security problems

Benefits of Central User AdministrationOnce you configure CUA users can only be created or deleted in the central system.User attributes can be maintained only locally, only centrally, or both centrally and locallyTherefore, the required roles and authorizations must exist in active form in all child systems.As a result each user only has to be administered once centrally which gives the administration a much clearer overview of all users andauthorizations.

Steps by Step Process :Few PointsWe need a SAP Landscape/single system with multiple clientsThe administrator should have access to SAP and tcodes SU01, BD54, BD64, SCC4, SCUA, SCUM, SM59 We do need to create Create system users in central system and child systems Create RFC connections between systems Create logical system Assign logical system to corresponding clients Create model view Add BAPI to model view Generate partner profiles and distribute model view Create CUA and distribution model Maintain parameters between central and child systems

Preperation: First we would be needing 2 client of system's for the configuration .

For example I am hereby taking a system EC3 with 2 client : 400 (Central client ) ; 410 (Child System )

1.) :Create system user

These system users required for RFC configuration between two clients.These rfc are being require to transfer the data here . we do need tocreate follow ing in the repsective clients with the below define roles :Client 1: 400 User ,this is a central system : CUA_EC400 Client 2: 410 User,this is a child system : CUA_EC410 Above are the usernames created in client 400 and 410 respectively with below roles. User CUA_EC400 with below roles(roles in the central system)SAP_BC_USR_CUA_CENTRALSAP_BC_USR_CUA_CENTRAL_BDISTSAP_BC_USR_CUA_CENTRAL_EXTERN

User CUA_EC410with below roles( roles in the child system)SAP_BC_USR_CUA_CLIENTSAP_BC_USR_CUA_SETUP_CLIENT

2.)Create RFC connections between system:

1.Go to SM59 tcode and select ABAP connections2.Click "Create" button or press F83.Enter the RFC connection name(ie.EC3CLNT400&EC3CLNt410) and choose connection type as 3 which means ABAP connecions4.Enter the description of the RFC like "RFC connection for CUA" and save5.Now Enter the Target Host as system name(Computer name) of the EC3 system or enter the IP address of the system and system number ofEC3(like 00)6.All the above settings must be carried out on "Technical Settings" tab7.Next go to "Logon & Security" tab8.Enter the Client number of the target client EC3system i.e. 9.Also enter the username and password which is created in EC3 target client in initial stage10.Language is optional and similarly Unicode option in Unicode tab11.You can select "Unicode" option if target system is Unicode system or leave it12.Now save the settings and you will be prompted "Connection will be used for Remote logon"13.Click "OK" and Click "Connection Test" or Ctrl+F3

3.)Create logical system:

You need to create logical system for each client/ system and make sure it shouldnt defer from RFC connections respectivelyGo to BD54 tcode and setup logical systems.

1. 2.

4.)Assign logical system to corresponding clients:

Go to tcode SCC4 and assign the logical systems to each client/system respectively

5.)Create model view:

this steps need to be done in the Central system .

Login to the central client of the systemGo to transaction BD64 amd click on chage button .

3. click create model view button and enter the model view

4. Enter a short description and technical name as shown in the below and hit ok button

6.)Add BAPI to model view:

Select the model view and click Add BAPI.

You need to enter model view, sender/client, receiver/server object name/interface and method.As said initially I used 400 client as sender/centralsystem and 410 client as receiver/child systemsEnter the object name and Method as per above figure and click ok button

7.)Generate partner profiles and distribute Model View:

We are done with model view creation and BAPI.Now we need to generate partner profiles go to Environment and click generate partner profiles

You will get a message saying partner profiles are generated newly if your generating 1 time or you will get a system message like below figure.st

Come back to the BD64 screen and select the model view and go to Edit ModelView --> select Distribute.This will distribute your model view tochild systems and you will get message like below

So now we are done with model view creation and distribution.

Installation :

8.)Create CUA and distribution model:Go to tcode SCUA and create distribution model.Enter the model view name which is created in BD64 earlier and click create button as shown inbelow figure.

Now you will get a screen like below and select the child systems in the pop up screen

Once you selected the system name and click save.You will get a screen like below if you are done everything correctly which means your CUAconfiguration is done successfully.

9.)Maintain parameter between central and child systems:Once we are good with CUA configuration there are parameter setup needs to be done from central system like which all are maintained incentral and child systemsGo to SCUM tcode nd click to change mode for parameter maintenance

It will give you broad idea about what are the parameters should be maintained centrally and which can be maintained child system as well asglobally.Ex. Role addition should be done from central system and password reset and defaults can be maintained from both centrally and local

Central User Administration(CUA) configuration