Show TOC

User Administration with Active Central User AdministrationLocate this document in the navigation structure

With active Central User Administration, you still use User Maintenance (transaction SU01) to maintain users, but with the following differences.

  • Whether fields are ready for input or not depends on the distribution attributes that you assigned to the field in User Distribution Field Selection (transaction SCUM).

    Only the fields that may be maintained in the system are ready for input.

    Tip

    You can only change a field that is to be maintained globally in the central system. This field does not accept input in the child systems.

  • In the central system, User Maintenance (transaction SU01) also displays the Systems tab. Here you enter the systems to which users are to be distributed. To display the systems for the corresponding distribution model, use the entry help. Each time you save, the system distributes the user data to these listed systems.
  • The Roles and Profiles tabs each contain an additional column for each entry, specifying the system for which the user is assigned the role and profile.

    With the Text Comparison pushbutton on the Roles and Profiles tabs, you can update the texts for roles and profiles that you have changed, for example, in the child systems. The texts in the child systems are stored temporarily so that they are available in the central system. As the comparison requires some time, it is performed asynchronously and the current texts may not be available immediately.

    You can only assign profiles to users for the systems in which they are distributed. If you enter a new system when you assign profiles to users, the system displays a warning that the user was assigned a new system. The entry is automatically transferred into the Systems tab. After this, the user master record is also distributed to the new system.

    During text comparisons from child systems, the names of the generated profiles for the role are not copied to the central system, that is, only assigned profiles are displayed on the Profiles tab (such as SAP_ALL or S_A.SYSTEM), but no generated profiles of the roles.

All user master records are created in the central system. Users can then only log on to the central system if the central system itself is entered in Systems tab of the corresponding user master record.

Note

You can display the global user data from a child system in User Information System (transaction SUIM).

Further Information

As well as the authorizations already mentioned, you also need another authorization in the central system for object S_USER_SYS. You can only assign new systems to a new user with this authorization.

When a user is deleted in the central system, the system entry for the user is retained until the deletion is confirmed. If an error occurs, you can repeat the deletion by canceling the system (in the child system).

In the child systems, the RFC user is output as the last person to make changes. Choose an appropriate name when you set up the RFC user.

Related Information