Setting Up Central User Administration (SAP Library

Setting Up Central User Administration

An ALE environment is necessary to distribute the data. It can exchange data and keep it consistent. An ALE system group is used by the central user administration to distribute user data between a central system and systems linked by ALE.

Central user administration data is exchanged asynchronously between the application systems in an ALE environment. This ensures that it still reaches the target system even if it was unreachable when the data was sent.

One system in the central user administration ALE environment is defined as the central system. The links to the subsidiary systems emanate from the central system. The subsidiary systems are not linked to each other.

Perform the following steps to setup the central user administration:

Create system users

Create a system user. A user account is required for the internal communication between the systems in an ALE group. It is only used internally for this communication and not in dialog. This user must be created in all systems in the ALE environment with the same user name and password. Assign the type System and appropriate authorizations (e.g. SAP_ALL) to the user.

See Create and maintain user master records.

Name logical systems

Call the transaction SALE.

Choose Prepare sender and target systems -> Create logical systems -> Name logical system.

To put new logical systems in the list, choose New entries.

As the logical system table is cross-client, settings made here apply to all clients in an R/3 System. If the ALE environment only comprises the logical systems of an R/3 System, you only need to define the logical systems once. For several R/3 Systems, you must setup all logical systems in each instance completely.

Enter the short name under by which the system is to be known in the ALE group, in upper-case letters under Log.system. Enter a meaningful text name for the logical systems under Name.

We recommend a combination of system name and client number for the short name. For example BIZCLNT008 was chosen for the system BIZ and client 008.

Note that you must also enter any logical systems which are not in the current R/3 System. All logical systems must be defined in each R/3 System in the ALE environment.

Choose Save when you have entered all logical systems.

Naming the logical systems does not assign these logical system names to existing clients in your R/3 Systems.

Assign logical systems to clients

Assign logical systems to clients in the transaction SALE under Prepare sender and target systems -> Create logical systems -> Assign logical system to a client. Mark the client to which you want to assign a logical system and choose Detail. The system displays the detail screen. In the field Logical System, enter the name of the logical system you want to assign to the client. Then save your settings. This is case-sensitive.

Assign all central user administration logical systems to a client.

Define target systems for RFC calls

Define the RFC destinations for the logical systems under Prepare sender and target systems -> Configure systems in network. The remote function call is controlled by the RFC destination parameters.

An RFC destination is always created from the client to which you are logged on. To define an RFC link from client 008 to client 322, you must be logged on to client 008. Central user administration RFC links must always be two-way. To define the RFC link completely, you must also logon to client 322 and define client 008 as RFC destination.

Enter the RFC destination name. The name of the RFC destination should match the name of the corresponding logical system (e.g:B20CLNT323). This is case-sensitive.
Specify link type 3 for links to another R/3 System.
Enter the target client number under Client and the system user created at the beginning for internal system communication in the ALE environment, under User and Password. Save your entries.

The top of the screen changes when you save. You can specify whether you want to use load-sharing. This is recommended but not obligatory. Choose Load-sharing ® Yes and enter the message server under Target machine and the message server system number under System number.

Use the transaction RZ03 in the target system to get the target system message server name. Several servers are usually listed. The message server is the one which offers the service M. The message server name is the part of the server name before the first underline. The two-digit number at the end of the server name is the system number.

Create distribution model

When you have created the ALE environment, create the distribution model. The distribution model describes the ALE message flow between logical systems.

Logon to the system which is to be the central system, and call the transaction SCUA.
Create a distribution model. Enter a name and choose Create. Enter the target system in the next screen.

Save your entries.

The following actions are performed automatically when you save:

The message flow is defined for each recipient system by specifying sender and recipient systems and the Business objects USER (create user from models in other systems) or USERCOMPANY (maintain company address) and the method CLONE.
The partner profiles are generated for the subsidiary systems and the central system.
The distribution model is sent to the subsidiary systems.

Several partner profile generation logs appear. Check whether the partner profiles were created successfully.

Save the model view again in the Maintain system environment screen to confirm the distribution model as the basis for the central user administration.

The complete distribution model is distributed automatically to all subsidiary systems when you save the model assignment for the central user administration. You cannot create any more users after distribution to the subsidiary systems. A system is now defined as central system and the other systems are subsidiary systems for the central user administration.

If the central user administration is to use another already existing distribution model, delete the model view name with the icon. Enter another name and save. The distribution model is not deleted, it is no longer the basis for the Central user Administration.

You can delete a distribution model with Distribution model ® Delete all data.

You can also send the distribution model to the subsidiary systems with the icon.

You can edit distribution models completely in the transaction BD64.

You must partially perform the actions which are performed internally when you save the distribution model in the transaction SCUA manually in Releases before 4.6C, i.e., if you want to create an ALE environment for systems with different Releases, see: Setting up CUA for systems with different Releases. This contains background information if you have problems setting up the Central User Administration with transaction SCUA.

Testing Central User Administration

Create a test user in user maintenance (SU01).

Choose the System tab. Enter the logical name of the central system and all subsidiary systems.

Choose the Roles tab.

Choose Compare text from subsidiary systems.

The text comparison is necessary to tell the central system the names of the roles in the subsidiary systems. You can only display and select roles from subsidiary systems in the central system from the possible entries help after this step. You cannot assign roles from subsidiary systems manually without a text comparison.

Assign a role to the test user in each logical system in the system group. (Enter all logical systems in the System column and the role to be assigned to the test user in the Role column. One role per system is sufficient for testing).

The distribution procedure runs automatically when you save. The user is created with its roles in all defined systems.

You can check the result in the transaction SCUL.

See also:

For information on configuring the system landscape, see documentation ALE-Introduction and ALE integration technology.