Replication of User Data 

Use

To enable Single Sign-On between SAP User Management Engine (UME) and ABAP-based SAP systems, users should ideally have the same user IDs both in the UME and in the SAP system. Replicating user accounts to the relevant SAP systems is one method of ensuring that user IDs are the same. The data is replicated in one direction only, from UME to the SAP System. Data cannot be replicated from the SAP System to UME.

There are other methods for ensuring that users have the same user IDs in both the UME and the SAP system. For example you can configure the UME to get its user data from an ABAP-based SAP system.

It is not recommended to use the replication feature and you should only use it in exceptional circumstances where no other solution is possible.  UME replication is still available in this release for existing customers, however it is not planned to further develop this feature and it will be phased out in the next releases.

For more information on the other options for handing your user data, see Integration of User Management in Your System Landscape.

Integration

UME accomplishes replication by transmitting XML documents. During user management actions such as user creation, updating and deletion, an XML document is generated and sent to the connected ABAP-based SAP systems for which replication has been configured. The XML documents are sent using the SAP Java Connector (JCo). The XML document contains the user maintenance information and activity to be performed. After acting upon the XML document, an SAP system generates a response document and returns it to UME. The response document contains status and error messages related to the replication process. If the replication fails, the administrator may review and correct the errors and replicate again.

SAP Systems with release 4.6D and higher contain default Business Add-Ins (BAdis) that accept user data contained in the XML documents from UME, act upon it by creating, updating, and deleting user data as required, and perform post processing. SAP applications, for example, SAP Enterprise Buyer, can override the default BAdis with their own BAdis that provide a custom implementation for actions such as user creation, updating, and deletion.

Prerequisites

·        UME supports replication of user data to ABAP-based SAP systems with release 4.6D or higher.

·        Replication of role assignment data is only supported to ABAP-based SAP systems with release 6.20 or higher.

Constraints

·        You can replicate to a maximum of three systems. This is because replication is only designed as a solution for small system landscapes. For larger system landscapes, we recommend that you use Central User Administration (CUA) to manage user data and set up the UME to use the CUA system as its user data source.

·        Only use replication if you have a maximum of 5,000 users in the UME.

·        Passwords and the lock status of a user are not replicated. Users are created with a deactivated password in the backend system. Users should log on through UME, in the portal for example, and access backend systems using Single Sign-On with logon tickets.

Features

The following user attributes are always replicated:

·        userid,

·        lastname

·        firstname

·        email

·        language

·        timezone

·        street

·        zip

·        city

·        country

·        department

·        telephone

·        fax

·        salutation  ®  academicTitle (in ABAP system)

The following attribute is optionally replicated:

·        rolenamelist (if the UME property ume.r3.use.role=true)

Only the user-role assignments are replicated, not the roles themselves. We do not recommend that you use this option. Instead, use the role distribution function of the portal and transaction WP3R in the ABAP System. See also Role and User Distribution to the SAP System.

Activities

The administrator has to configure in UME to which SAP Systems user data is replicated. For details, see Defining To Which SAP Systems User Data is Replicated.

If a SAP application requires custom BAdis for processing the XML documents, the administrator must configure both the SAP System and UME. For details, see Use of Custom BAdis in SAP ABAP Systems.

User data is replicated automatically when user data is created, changed or deleted in the UME. Manual replication is only required in special cases, for example, if there was an error during automatic replication. See also Replication.

Example

You are using UME with SAP Enterprise Portal and want an SAP Supplier Relationship Management (SRM) system to work with the same user base as the portal, so you configure UME to replicate all user data from the portal to the SRM system.