How to set up Central User Administration (CUA) in SAP

As we have seen the overview of CUA in our pervious blog, now, I will explain the procedure to set up the CUA. At macro level details, below steps need to be performed to set up the CUA:

Steps to Set Up the CUA

  1. Create Administrator
  2. Specify Logical systems
  3. Assign logical systems to client
  4. Create system users
  5. Create RFC destinations
  6. Create CUA
  7. Set field distributor parameters
  8. Synchronization of company addresses
  9. Transfer Users

Below are the systems considered as an example to set up CUA:

  • System ABC with client 123
  • System PQR with client 456
  • System XYZ with client 789

Here, we will set system ABC (client 123) as a CUA central system and other systems as child systems. As per this structure, we will proceed with above mentioned steps:

1. Create Administrator User

In a completely new system that is to be set up, an administration user needs to be created with which all further steps can be performed. To create such administrator user:

  • Login to all systems with user SAP* and create the user in t-code SU01
  • Assign the relevant administrator role to user
  • Apply the security measures to secure SAP* user against misuse

2. Specify Logical systems

In CUA landscape, SAP systems are identified with Logical system names. Due to this, Logical systems need to be created for every system which is going to be included in CUA landscape. This is one time task to be performed before setting up CUA. The Logical systems can be defined be following below steps:

  • Login to system ABC (client 123) with administrator user created in step 1
  • Go to t-code BD54 You can; alternatively maintain the table view V_TBDLS using transaction SM30.
  • Choose Edit ? New Entries
  • In the LogSystem column, create a new logical name in capital letters for every CUA system (that is, for the central and all child systems including those from other SAP Systems). Here, the standard naming convention for logical system is <System ID>CLNT<Client>. In this way, the below logical systems will be created in CUA central system (ABC system):
    • ABCCLNT123
    • PQRCLNT456
    • XYZCLNT789

In the same way, create the logical system name for the central system in all child systems.

3. Assign logical systems to client

We need to perform this cross-client procedure only once for each SAP system as per below procedure:

  • Login with administrator user and execute the t-code SCC4
  • Switch to change mode
  • Call the detail display of the client that you want to assign a logical system by double clicking on the line of the client
  • In the Logical System field, specify the name of the logical system to which the selected client is to be assigned

Ex: – If we execute the t-code SCC4 in system ABC then, open the client 123 and maintain the logical system name as ABCCLNT123

4.Create system users

System users are required for the internal communication of the systems in an ALE group. These system users, defined in the target systems, are entered in RFC destinations in the calling systems.

Note: – No license fees apply to these system users.

To simplify the maintenance of system users, use the following naming conventions:

  • In the central system (system ABC), the naming convention will be CUA_<system Id>. This system user is used in the RFC destinations from child to central system. With this naming convention, we need to create the system user in system ABC with name: CUA_ABC
  • In the child systems, the naming convention CUA__<System Id>_<Client>. These system users are used in the RFC destinations from central to child system. With this naming convention, we need to create the system users as below:
SAP CUA System Name System User
Table 1
Published
Categorized as SAP Tagged

S_TABU_NAM: An advanced authorization object for generic table access

In general, the access to particular table is controlled by authorization object S_TABU_DIS which has fields for activity (ACTVT) and Authorization group (DICBERCLS). In this case, it is understood that the table is assigned to specific authorization group and the name of authorization group containing the respective table has be maintained in S_TABU_DIS.

However, this situation has some limits:

  • There are large numbers of table which are not assigned to any authorization groups, these are included under authorization group &NC& but assignment of tables to this authorization group is not much useful while securing access to any particular table.
  • The authorization group name can have up to 4 characters hence there is a limit to define the authorization group.
  • If we need to give access to only one table belonging to some authorization group; say XYZ then it involves an additional efforts.

Published
Categorized as SAP Tagged

SAP R/3 Security – Interview Questions


1. How to create the user group in SAP system?
Ans :

User group can be created by performing the below steps:

  • Execute the t-code SUGR
  • Enter the name of user group to be created in the textbox
  • Click on the create the button
  • Enter the description and click on save button

2. How to find the Transport requests containing the specific role?
Ans :

The list of Transport requests containing the specific role can be retrieved by performing below steps:

  • Execute the t-code SE03
  • Double click on option “Search for Objects in requests/Tasks” under node “Objects in Requests” in left panel of screen. This will take us to new screen.
  • In object selection screen, enter the field value as ACGR and check the checkbox present at left side.
  • Enter the role name for which we need the list of transport request.
  • In screen “Request/Task Selection” screen (below section of the same screen), check the status of the requests which we need in the list
  • Click on execute button

3. How to check the transport requests created by other user?
Ans:

The t-code SE10 provide the option to enter the user name. By using this facility, we can search the transport requests created by other users.

Published
Categorized as SAP Tagged

Introduction to Central User Administration (CUA) – SAP

In a large landscape consisting of number SAP systems, it becomes time consuming job to perform user administration. For instance, if one needs to assign the role to one user in all the systems involved in the landscape, one needs to perform the below steps in each system in landscape:

  • Login to system
  • Execute the t-code SU01 and open the user
  • Assign the role and save the changes

The above process can be simplified if Central User Administration system (CUA) has been installed in above landscape. Now, we will go through the detailed introduction to CUA in below section.
CUA is a SAP system to which all the SAP systems in landscape are connected through RFC connections. This enables user to perform user maintenance for all the connected systems from one central CUA system. Below is the pictorial representation of this concept:

Central User Administration (CUA) in SAP
Central User Administration (CUA) in SAP

Published
Categorized as SAP Tagged

Streaming API Using JQuery – Salesforce

Push technology is a model of Internet-based communication in which information transfer is initiated from a server to the client. Also called the publish/subscribe model, this type of communication is the opposite of pull technology in which a request for information is made from a client to the server. The information that’s sent by the server is typically specified in advance. When using Streaming API, you specify the information the client receives by creating a PushTopic. The client then subscribes to the PushTopic channel to be notified of events that match the PushTopic criteria.

In push technology, the server pushes out information to the client after the client has subscribed to a channel of information. In order for the client to receive the information, the client must maintain a connection to the server. Streaming API uses the Bayeux protocol and CometD, so the client to server connection is maintained through long polling.

The Bayeux protocol and CometD both use long polling.

  1. Bayeux is a protocol for transporting asynchronous messages, primarily over HTTP.
  2. CometD is a scalable HTTP-based event routing bus that uses an AJAX push technology pattern known as Comet. It implements the Bayeux protocol.

There is nice jQuery plugin available on web which implements Bayeux protocol and CometD.

Navigate here for Salesforce documentation for Streaming API.

Common Terms used in Streaming API:

  • Event : Either the creation of a record or the update of a record. Each event may trigger a notification.
  • Notification : A message in response to an event. The notification is sent to a channel to which one or more clients are subscribed.
  • PushTopic : A record that you create. The essential element of a PushTopic is the SOQL query. The PushTopic defines a Streaming API channel.

Example used in this article :

I want notifications about all opportunity whose status is won.
First step to implement any streaming API is to create the Push Topic, which is going to subscribed by all the clients.

Create PushTopic:

To create PushTopic, we will need the developer console of the Salesforce and assume that the name of the topic is “WonOpportunity”.

PushTopic pushTopic = new PushTopic();
pushTopic.ApiVersion = 23.0;
pushTopic.Name = 'WonOpportunity';
pushTopic.Description = 'Notify if the Opportunity won';
pushTopic.NotifyForOperations = 'All';
pushTopic.NotifyForFields = 'Referenced';
pushtopic.Query = 'Select o.OwnerId, o.Name, o.IsWon, o.Id, o.Amount From Opportunity o WHERE o.IsWon = true';
insert pushTopic;
System.debug('Created new PushTopic: '+ pushTopic.Id);
Salesforce Streaming API - Create Push topic
Salesforce Streaming API - Create Push topic

Handling Colon in Element ID in JQuery – Visualforce problem

Today i came across very known problem of jQuery and thought of sharing same with everyone. In Salesforce the element id is in the format of “j_id0:j_id3:j_id4:c_txt“. In previous post we have already discussed about getting the elementId in Visualforce.
When i tried to find the element in JQuery like $(‘#j_id0:j_id3:j_id4:c_txt’), i was getting the error on JavaScript console of the browser. After few searches, i got to know that this is known problem and faced by many of the developers.

Live Demo

Create Forum inside WordPress blog using Mingle Forum Plugin

This was the requirement of one of my friend who needed integration of forum with wordpress blog. All the users of wordpress should be able to login into the forum. It was the good idea but normally i have not seen this type of functionality. Then after searching i came across one powerful forum plugin for the wordpress named “Mingle Forum for the wordpress“.

To start with it install the “Mingle Forum” plugin and activate it.

CSS – label control ignores the width style

Label tag does not work with css attribute “width” on some browsers like Chrome and Mozilla.

Simplest solution is :
before applying css for width, make sure “float:left” is written for label control.

Label elements are in-line style elements, so technically Chrome and Firefox are interpreting the CSS properly by not obeying my width declaration. In-line elements do not accept width attributes. The workaround is to force the label element to become a block level element by floating it.