Set Up Field Distribution Parameters
If you are using Central User Administration, you can use the distribution parameters in transaction SCUM to determine where individual parts of a user master record are maintained.
- In the central system
- Locally in the child system
- In the child system with automatic redistribution to the central system and the other CUA child systems
Every input field of the user maintenance transaction SU01 has a field attribute that you set once in the central system with transaction SCUM during Customizing. As far as possible, you should then not change the field maintenance indicator at all.
If you later change the distribution from Local or Proposal to Global or Redistribution, data inconsistencies can occur.
You must be particularly careful when removing inconsistencies, since data is lost when you switch system-dependent parameters from local to global maintenance and then distribute the users again. The distribution creates the central system status in all child systems. If you have previously maintained system-dependent data, such as the user assignment of roles, this data is unknown to the central system. This means that when you distribute the central system entries, you overwrite the role assignments of the child system. This system-specific data is therefore permanently lost.
To recreate data consistency after changing the field distribution parameters, proceed as follows:
- To maintain cross-system parameter (such as printers) globally rather than locally, set the parameter appropriately and then redistribute the users from the central system to the child systems. This means that the central system status is adopted in all child systems.
- Caution:To maintain system-dependent parameters (such as role or profile assignments) globally rather than locally, you must not redistribute the users. Instead, you must remove the CUA and set it up again, so that you can copy the users and their system-specific data from the child systems into the central system again. After completely removing the CUA and setting it up again, the field distribution parameters are set to "global" by default. Check these settings before you transfer the users again with transaction SCUG.
The only exception to this is the Locks tab page. You can change the indicators on this tab page at any time without any risk.
- Log on to the central system (in this example, ADM, client 070).
- In the Implementation Guide (IMG, transaction SALE), choose Modeling and Implementing Business Processes → Predefined ALE Business Processes → Cross-Application Business Processes → Central User Administration → Set Distribution Parameters for Fields (transaction SCUM).
The system displays the User Distribution Field Selection screen, with tab pages of the fields whose distribution parameters you can set. To display additional fields, choose page down.
You can select the following options on the tab pages:
Global
You can only maintain the data in the central system. The data is then automatically distributed to the child systems. These fields do not accept input in the child systems, but can only be displayed.
All other fields that are not set to "global" accept input both in the central and in the child systems and are differentiated only by a different distribution after you have saved.
Proposal
You maintain a default value in the central system that is automatically distributed to the child systems when a user is created. After the distribution, the data is only maintained locally, and is not distributed again, if you change it in the central or child system.
RetVal
You can maintain data both centrally and locally. After every local change to the data, the change is redistributed to the central system and distributed from there to the other child systems.
Local
You can only maintain the data in the child system. Changes are not distributed to other systems.
Everywhere
You can maintain data both centrally and locally. However, only changes made in the central system are distributed to other systems, local changes in the child systems are not distributed.
- To maintain the other parameters, too, switch to the other tab pages. The tab pages correspond to those of user maintenance.
- Save your entries.
The distribution parameters are automatically transferred to the child systems.
Logon Data Tab Page
On this tab page, you can assign the indicators Global, Local, Proposal, and Redistribution to all entries. However, you can only assign the indicator Everywhere to the initial password. With this setting, the administrator of the central system can set the initial password for a user system-specifically, and the administrator of a child system can set the initial password locally.
An external application such as CRM E-Commerce User Administration in a CUA child system can provide local user administration to the external user administrators using a Web interface through an internal BAPI interface.
Locks Tab Page
You can control the distribution of lock data on this tab page, and therefore determine which locks can be set and/or reset in which systems. When you reset locks, you must pay close attention to the lock indicators in the user master record that can be combined in any way you choose, and the functions available in this system, so that you can set the indicators on the Locks tab page appropriately.
A user cannot log on to a child system of a CUA. The local administration removes the lock. However, this removal refers only to a local lock that may exist in the user master record. Global locks, or, if the indicator for Locked due to incorrect logons is set to global, locks due to incorrect logon attempts, are not removed by this. Therefore, if the local administration should be able to remove locks due to incorrect logon attempts, you must not set the indicator for Locked due to incorrect logons to global in transaction SCUM.
To be able to unlock a user from the central system after an incorrect logon attempt or for local locks in a child system, set the indicator everywhere for the lines Unlock incorr. logon and Unlock locally.
The following functions are available in the respective systems:
- Lock globally: This function is only available in the central system. The request to lock or unlock is sent to all child systems and performed there.
- Unlock globally: This function is only available in the central system. The request to lock or unlock is sent to all child systems and performed there.
- Unlock incorrect logon globally: This function is only available in the central system. The request to lock or unlock is sent to all child systems and performed there.
- Lock locally
- unlock locally: This function attempts to remove all three possible lock indicators: Locked due to incorrect logons, global lock, and local lock.
- Unlock incorrect logon locally
Selection on the Locks Tab Page
| Field | Description | Global | Local | Everywhere |
|---|---|---|---|---|
|
Unlock Incorr. Logon |
Controls the removal of the indicator Locked due to incorrect logons |
Removal of the indicator Locked due to incorrect logon using the unlock globally function is allowed |
Removal of the indicator Locked due to incorrect logon using the unlock locally function is allowed |
Removal of the indicator Locked due to incorrect logon using the unlock locally function is allowed Removal of the indicator Locked due to incorrect logon using the unlock globally function is also allowed |
|
Lock Locally |
Controls the setting of the locked locally indicator |
|
Setting the indicator locked locally using the lock locally function is allowed |
|
|
Unlock Locally |
Controls the removal of the locked locally indicator |
|
Removing the indicator locked locally using the unlock locally function is allowed |
Removing the indicator locked locally using the unlock locally function is allowed Removal of the indicator locked locally using the unlock globally function is also allowed |
|
Lock Globally |
Controls the setting of the locked globally indicator |
Setting the indicator locked globally using the lock globally function is allowed |
|
|
|
Unlock globally |
Controls the removal of the locked globally indicator |
Removal of the locked globally indicator using the unlock globally function is allowed |
|
Removal of the locked globally indicator using the unlock globally function is allowed Removal of the indicator locked globally using the unlock globally function is also allowed |
Recommendations for Other Fields
| Field | Setting |
|---|---|
|
Printer |
Proposal |
|
Parameter |
Proposal |
|
Group (Gen.) |
Proposal |
|
Fields for data that the users maintain themselves |
Redistribution |
See also:
SAP Note 313945: CUA: Incorrect logon locks not globally reversible