Click here to load reader
Upload
ramesh-surepalli
View
215
Download
0
Embed Size (px)
Citation preview
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 1/14
SAP Security Interview Questions
Q. SAP Security T-codes
A. Frequently used security T-codes
SU01 Create/ Change User SU01 Create/ Change User
PFCG Maintain Roles
SU10 Mass ChangesSU01D Display User
SUIM Reports
ST01 Trace
SU53 Authorization analysis
Q How to create users?
Execute transaction SU01 and fill in all the field. When creating a new user, you must enter an initial password for
that user on the Logon data tab. All other data is optional. Click here for turotial on creating sap user id
Q What is the difference between USOBX_C and USOBT_C?
The table USOBX_C defines which authorization checks are to be performed within a transaction and which not
(despite authority-check command programmed ). This table also determines which authorization checks are
maintained in the Profile Generator.
The table USOBT_C defines for each transaction and for each authorization object which default values an
authorization created from the authorization object should have in the Profile Generator.
Q What authorization are required to create and maintain user master records?
The following authorization objects are required to create and maintain user master records:
• S_USER_GRP: User Master Maintenance: Assign user groups
• S_USER_PRO: User Master Maintenance: Assign authorization profile
• S_USER_AUT: User Master Maintenance: Create and maintain authorizations
Q List R/3 User Types
1. Dialog users are used for individual user. Check for expired/initial passwords Possible to change your own
password. Check for multiple dialog logon
2. A Service user - Only user administrators can change the password. No check for expired/initial passwords.Multiple logon permitted
3. System users are not capable of interaction and are used to perform certain system activities, such as background
processing, ALE, Workflow, and so on.
4. A Reference user is, like a System user, a general, non-personally related, user. Additional authorizations can be
assigned within the system using a reference user. A reference user for additional rights can be assigned for every
user in the Roles tab.
Q What is a derived role?
• Derived roles refer to roles that already exist. The derived roles inherit the menu structure and the functions
included (transactions, reports, Web links, and so on) from the role referenced. A role can only inherit menus and
functions if no transaction codes have been assigned to it before.
• The higher-level role passes on its authorizations to the derived role as default values which can be changed
afterwards. Organizational level definitions are not passed on. They must be created anew in the inheriting role.User assignments are not passed on either.
• Derived roles are an elegant way of maintaining roles that do not differ in their functionality (identical menus and
identical transactions) but have different characteristics with regard to the organizational level. Follow this link for
more info
Q What is a composite role?
• A composite role is a container which can collect several different roles. For reasons of clarity, it does not make
sense and is therefore not allowed to add composite roles to composite roles. Composite roles are also called roles.
• Composite roles do not contain authorization data. If you want to change the authorizations (that are represented
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 2/14
by a composite role), you must maintain the data for each role of the composite role.
• Creating composite roles makes sense if some of your employees need authorizations from several roles. Instead of
adding each user separately to each role required, you can set up a composite role and assign the users to that group.
• The users assigned to a composite role are automatically assigned to the corresponding (elementary) roles during
comparison. Follow the link to learn more
Q What does user compare do?
If you are also using the role to generate authorization profiles, then you should note that the generated profile is not
entered in the user master record until the user master records have been compared. You can automate this by
scheduling report FCG_TIME_DEPENDENCY on a daily.
Q. Can we convert Authorization field to Org, field
A. Authorization field can be changed to Organization field using PFCG_ORGFIELD_CREATE or
ZPFCG_ORGFIELD_CREATE
Use SE38 or SA38 to run the above report.
• Organizational level fields should only be created before you start setting up your system. If you create
organizational level fields later, you might have to do an impact analysis. The authentication data may have to be
postprocessed in roles.
• The fields "Activity", "ACTVT" and "Transaction code", "TCD" cannot be converted into an organizational level
field.
In addition, all affected roles are analyzed and the authorization data is adjusted. The values of the authorizationfield which is now to become the organizational level field are removed and entered into the organizational level
data of the role.
Note: Table for Org Element- USORG
Refer to Note 323817 for more detail.
Q. How many profiles can be assigned to any user master record.
A. Maximum Profiles that can be assigned to any user is ~ 312. Table USR04 (Profile assignments for users). This
table contains both information on the change status of a user and also the list of the profile names that were
assigned to the user.
The field PROFS is used for saving the change flag (C = user was created, M = user was changed), and the name of
the profiles assigned to the user. The field is defined with a length of 3750 characters. Since the first two characters
are intended for the change flag, 3748 characters remain for the list of the profile names per user. Because of the
maximum length of 12 characters per profile name, this results in a maximum number of 312 profiles per user.
Q. Can you add a composite role to another composite role? A. No Q. How to reset SAP* password from oracle database.
A. Logon to your database with orasid as user id and run this sql
delete from sapSID.usr02 where bname='SAP*' and mandt='XXX';
commit;
Where mandt is the client.
Now you can login to the client using sap* and password pass
Q. What is difference between role and profile.
A. A role act as container that collect transaction and generates the associated profile. The profile generator (PFCG)
in SAP System automatically generates the corresponding authorization profile. Developer used to perform this stepmanually before PFCG was introduced bySAP. Any maintenance of the generated profile should be done using
PFCG.
Q. What is user buffer?
A. When a user logs on to the SAP R/3 System, a user buffer is built containing all authorizations for that user. Each
user has their own individual user buffer. For example, if user Smith logs on to the system, his user buffer contains
all authorizations of role USER_SMITH_ROLE. The user buffer can be displayed in transaction SU56.
A user would fail an authorization check if:
• The authorization object does not exist in the user buffer
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 3/14
• The values checked by the application are not assigned to the authorization object in the user buffer
• The user buffer contains too many entries and has overflowed. The number of entries in the user buffer can be
controlled using the system profile parameter auth/number_in_userbuffer.
Q. How to find out all roles with T-code SU01?
A. You can use SUIM > Roles by complex criteria or RSUSR070 to find out this.
Go to the Selection by Authorization Value.
In Object 1 put S_TCODE and hit enter.
And put SU01 in Transaction code and hit execute (clock with check) button.
I use authorization object, as you can use this to test any object.
You can also get this information directly from table, if you have access to SE16 or SE16N. Execute SE16N
Table AGR_1251
Object S_TCODE
VALUE (low) SU01
Q. How to find out all the users who got SU01 ?
A. You can use SUIM >User by complex criteria or (RSUSR002) to find this out.
Go to the Selection by Authorization Value.
In Object 1 put S_TCODE and hit enter.
And put SU01 in Transaction code and hit execute (clock with check) button.I use authorization object, as you can use this to test any object.
Q. How to find out all the roles for one composite role or a selection of composite roles?
A. Execute SE16N
Table AGR_AGRS
Composite roles You can put multiple composite roles using the more button
Q. How to find out all the derived roles for one or more Master (Parent) roles?
A. Execute SE16N
Table AGR_DEFINE
Use either agr_name field or Parent_agr field.
Q. How can I check all the Organization value for any role?
A. Execute SE16N
Table AGR_1252
Role Type in the role here and hit execute.
You can always download all the information to spreadsheet also using .
Q. How do I restrict access to files through AL11?
A. First create an alias. Go to t-code AL11 > configure > create alias. Let say we are trying to restrict alias
DIR_TEMP which is /tmp. Open PFCG and assign t-code AL11, and change the authorization for S_DATASET as
mentioned below
Activity 33
Physical file name /tmp/*Program Name with Search Help *
Q. How can I add one role to many users?
A. SU10. If you have less than 16 users then you can paste the userids.
If you have more than 16 users – Click on Authorization data and click on next to users and upload from clipboard .
Hit the change button and go to the role tab and add the roles to be assigned and hit save.
Q. What are the Best practices for locking expired users?
A. Lock the user. Remove all the roles and profiles assigned to the user. Move them to TERM User group.
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 4/14
Q. How can be the password rules enforced ?
A. Password rules can be enforced using profile parameter. Follow the link to learn more about the profile
parameter.
Q. How to remove duplicate roles with different start and end date from user master?
A. You can use PRGN_COMPRESS_TIMES to do this. Please refer to note 365841 for more info.
Q. How come the users have authorization in PFCG, but user still complains with no authorization?
A. Make sure the user master is compared. May be the there is a user buffer overflow
Also check the profile- Follow the instruction below.
SUIM > User by complex criteria.
Put the userid of user who is having issue.
Execute
Double click on the user id and expand the tree. Select the profile in question and see if the authorization is correct
or not. If not do the role reorg in PFCG and see if that helps.
Q. How can I have a display all roles.
A. Copy sap_all and open the role and change the activity to 03 and 08
Q. How can I find out all actvt in sap?
A. All possible activities (ACTVT) are stored in table TACT (transaction SM30), and also the valid activities foreach authorization object can be found in table TACTZ (transaction SE16).
Posted by MSGoud at 1:18 PM 1 comment:
Step-by-Step Guide for Using LSMW
Step-by-Step Guide for Using LSMW to Update Customer Master Records
Business Case:
As a part of reorganization and to better serve the customer needs, you are regrouping many of the customers. In
SAP terms, you are changing the Sales Office, Sales Group and Customer Groups for specific Customer Master
Records. Typically, you would maintain customer records with transaction XD02 to update ‘Sales View’. You
would enter Customer Key (Customer No, Sales Organization, Distribution Channel, and Division) and update
relevant fields on Sales View screen.
This document contains Step-by-step instructions to use LSMW to update Customer Master Records. It has two
demonstration examples - one using Batch Recording and another using standard SAP Object.
Note! The screen prints in this article are from IDES Release 4.6. They may differ slightly in other versions.
Demo Example 1
LSMW to Update Customer Master Records with Transaction Recording
Call Legacy System Migration Workbench by entering transaction code LSMW. Every conversion task is grouped
together as Project / Subproject / Object structure. Create a Project called LSMW_DEMO and a Subproject as
CUSTOMERS and Object as CUST_REC as shown in Figure 1.
Figure 1 Conversion Task with Project, Subproject and Object
The main screen of LSMW provides wizard-like step-by-step tasks, as shown in Figure 2. To complete your data
conversion, you need to execute these steps in sequence. Once a step is executed, the cursor is automatically
positioned to the next step.
Note that these steps may look different depending upon your Personal menu settings. You could make step
numbers visible by ‘Numbers on’ icon or hidden by ‘Numbers off’ icon. You can execute a step by double-clicking
on the row. Toggle icon ‘Doubleclick=Display’ or ‘Doubleclick=Edit’, makes the step in ‘display’ mode or ‘change’
mode.
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 5/14
Figure 2 LSMW Wizard – initial screen
Step 1: Maintain Object attributes
In this example, you will be updating the customer master records with the help of recording a transaction (XD02).
Choose radio button Batch Input Recording and click on the recording overview icon to record the R/3 transaction.
Enter the Recording name as XD02_REC, the description as Customer Master Updates Recording, and the
transaction code as XD02.
Figure 3 Object type ‘Transaction Recording’
The system calls the transaction code XD02 and prompts you to complete the Change
Customer transaction, as shown in Figure 4. Enter the key customer information (I entered customer number 1000,
sales organization 1000, distribution channel 01, and division 00) and choose ‘Sales’ view within ‘Sales area data’.
Make changes to these three fields (I entered, sales office 1010, sales group 110, and customer group 01) and save
the transaction.
Figure 4 Transaction recording for Transaction Code ‘XD02’
Once the transaction is completed, R/3 records the flow of screens and fields and saves the information, as shown in
Figure 5.
Figure 5 Transaction recording overview
Note that the fields are populated with default values. The values you entered when you recorded the transaction are
set by default.
Note that if you have more fields in the recording than needed, you can remove them by clicking ‘Remove Screen
field’ icon.
Observe that the transaction-recording process stores field names in a technical format. By pressing the F1 key on
individual screen fields and then pressing the F9 key, the system displays technical names. You then can replace the
technical names with descriptive names. Double-click on the field RF02D-KUNNR and enter the name as KUNNR
and the description as Customer Account Number and remove the default value. (See Figure 6.)
Figure 6 Field attributes
Similarly, double-click on all other fields with default values and make appropriate changes. Once you have made
changes, the recording overview screen looks like what you see in Figure 7.
Figure 7 Transaction Recording Overview – with screen field attributes
Save your changes. When you go back to the initial screen, you will see that the initial screen steps have changed.
Since you want to import data via the BDC method, the Direct Input and IDoc-related steps are hidden, as they are
not relevant.
Step 2. Maintain Source Structures
Give a name and a description to the source structure (Figure 8).
Figure 8 Source Structure
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 6/14
Step 3. Maintain Source Fields
In this step, you need to list what fields are present in the source structure. The easiest way is to click on ‘Table
Maintenance’ icon to enter Fieldname, Type and Length for each field as shown in Figure 9.
Figure 9 Source fields of source Structure
Note that your input file will have four fields as key fields and you need to update three fields in the system.
Step 4: Maintain Structure Relations
Execute a step to ‘Maintain Structure Relations’. (See Figure 10.) Since, there is only one Source and Target
Structure, the relationship is defaulted automatically.
Figure 10 Structure Relation
Step 5: Maintain field mapping and conversion rules
Field RF02D-D0310 represents that you chose ‘Sales view’ for the customer Master screen accordingly its value
should be set to X. Keep your cursor on field RF02D-D0310 and click on Constant rule icon to choose the constant
value of ‘X’.
If your source file already has the field value, you choose rule ‘Source Field’.
Keep cursor on field ‘KUNNR’ and click on ‘Assign Source field’ icon to choose source field CUSTOMER from
structure XD02S as shown in Figure 11.
Figure 11 Assign source fields
Similarly, assign ‘Source Field’ rules to the remaining fields.
Once all the fields are mapped, you should have an overview screen as shown in Figure 12.
Figure 12 Field mapping and Conversion rules overview
Step 6: Maintain fixed values, translations, user-defined routines
You can also maintain re-usable translations and user-defined routines, which can be used across conversion tasks.
In this case, that step is not required.
Step 7: Specify files
In this step, we define how the layout of the input file is. The input file is a [Tab] delimited with the first row as field
names. It is present on my PC (local drive) as C:\XD02.txt. (See Figure 13.)
Figure 13 File attributes
Create an Excel file (Figure 14) with your data and save it as a Tab-delimited text file on your local drive (C:\) and
name it XD02.txt.
Figure 14 Source data in Excel file (saved as Tab delimited file)
Step 8: Assign files
Execute step ‘Assign Files’ (Figure 15) and the system automatically defaults the filename to the source structure.
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 7/14
Figure 15 Assign file to Source Structure
Step 9: Read data
In this step, LSMW reads the data (Figure 16) from the source file (from your PC’s local drive). You have the option
to read only selected rows and convert data values to Internal format.
Figure 16 Read Data
Step 10: Display read data
This step (Figure 17) is optional. If required, you can review the field contents for the rows of data read.
Figure 17 Display Read Data
Step 11: Convert data
This is the step that actually converts the source data (in source format) to a target format. Based on the conversion
rules defined, source fields are mapped to target fields.
Step 12: Display Converted data
Again this is an optional step to view how the source data is converted to internal SAP format (Figure 18).
Figure 18 Display Converted DataStep 13: Create batch input session
Once the source data is converted in an internal format, you can create a batch session to process updates (Figure
19).
Figure 19 Create Batch Input Session
Step 14: Run Batch Input Session
You can execute the BDC session by Run Batch input session. Executing a batch input session is a standard SM35
transaction for managing BDC sessions. Once you have successfully executed the batch input session, the customer
master records are updated in the system. You can confirm this by viewing the customer master records (XD03).
Note! Browsing thru these 14 steps, you may get a feeling that this is a very lengthy and time-consuming activity.
However, for the purposes of demonstration, I have made it detailed. Although it looks lengthy, actually it takeshardly few hours from start-to-finish! After playing around with few simple LSMW scripts, you will find it so easy
to change and create more complex ones.
Demo Example 2
LSMW to Update Customer Master Records with Standard Object
As an alternative to using ‘Transaction Recording’, you could also use a standard SAP object to update Customer
Master Records. Business Object ‘0050’ is already pre-defined in the system with standard Batch Input Interface
Program ‘RFBIDE00’.
Create an Object CUST_OBJ within Project as LSMW_DEMO and Subproject as CUSTOMERS as shown in
Figure 20.
Figure 20 LSMW Object with Standard SAP Object
Note! For the Demo example 2, I will list only those steps that are different from the first demo example.
Step 1: Maintain Object attributes
You will be updating the customer master records with the help of Standard Batch Input; therefore, choose radio-
button Standard Batch/Direct Input as shown in Figure 21. Enter Object ‘0050’ for Customer Master records and
default method ‘0000’ and click on Save.
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 8/14
Figure 21 Standard Batch/Direct Input Object Attributes
Step 4: Maintain Structure Relations
Sales view of Customer Master is stored in table KNVV. Accordingly, you need to update structure BKNVV.
However, in addition, the Standard Object ‘0050’ also requires updates to BGR00, BKN00 and BKNA1 structures.
(If you do not maintain Structure relations for mandatory entries, you might get a message such as ‘Target structure
BKNA1 needs a relation to a source structure’.)
Even though you don’t want to update any fields in these structures, you need to create a relationship with source
structures. In all, you need to create relationship for four target structures.
Create relationship between source structures XD02S with these target structures with icon ‘Create Relationship’ .
Keep Cursor on these four target structures and click on icon ‘Create Relation’ and structure relations are maintained
as shown in Figure 22.
Figure 22 Structure Relation
Step 5: Maintain field mapping and conversion rules
-- Keep your cursor on ‘TCODE’ field and click on ‘Insert Rule’ icon
Figure 23 LSMW Conversion Rules
Choose radio button ‘Constant’ (Figure 23) to enter value ‘XD02’ transaction code.
-- Keep your cursor on field ‘KUNNR’ and click on ‘Assign source field’ icon
Choose source field ‘Customer’ from source structure ‘XD02S’. (See Figure 24.)
Figure 24 Assign Source fields
-- Similarly, choose source fields for Sales Organization, Distribution Channel, and Division. (See Figure 25.)
Figure 25 Field Mapping and Conversion Rules
-- Scroll down to structure BKNVV fields and assign source fields to three fields Sales Office, Sales Group, and
Customer Group (Figure 26).
Figure 26 Field Mapping and Conversion Rules
Save and go back to main screen.
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 9/14
Step 12: Display Converted data
When you convert data, LSMW automatically converts into the appropriate structure layouts, as required by
Standard program (RFBIDE00). (See Figure 27).
Figure 27 Converted data into multiple structures
Note that if you had only one record in source file, the converted file has four records.
Earlier, creating this input file, so that the standard interface program can read it, was a big nightmare, the primary
reason being that it could have multiple record layouts. Even for a simple conversion with one input record, you
would have to create this complex file with many record layouts. The advantage of LSMW is that it prepares these
multi-layout files automatically.
Step 13: Create batch input session
Once source data is converted in internal format, you can create a BDC session to process the updates (Figures 28
and 29).
Figure 28 Create BDC Session
Figure 29 BDC Session ‘CUST_OBJ’ created
Summary
Once BDC session is processed successfully, SAP updates the customer master records with relevant changes.Review these specific customers (transaction code XD03) and confirm that the changes are correctly reflected in the
master records.
Mitresh Kundalia heads SAP practice division at Quality Systems & Software (www.QSandS.com). QS&S helps
companies achieve world-class performance by realizing their latent business and technological potential with
emphasis on SAP systems. QS&S uses Industry-wide best-practices and proven implementation tools to integrate
complex business processes with the SAP system. With an MBA degree in finance, Mitresh implements Financial
and Logistics applications with specialization in Management reporting, Profitability Analysis, Information systems
and Business Information Warehouse. He can be reached by e-mail at [email protected].
Posted by MSGoud at 12:50 PM No comments:
XI Interview questions
Q1: What is SAP XI?
A1: SAP XI is a component of SAP NetWeaver and it runs on SAP Web Application Server (SAP Web AS). SAP
XI enables ISVs to implement collaborative processes (A2A or B2B) using standards-based XML messaging.
Q2: What are the XI interface certifications that SAP offers?
A2: SAP offers XI Adapter (NW-XI-AF), XI Content (NW-XI-CNT), and XI Content based on Industry Standards
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 10/14
(NW-XI-CNT-IS) certification for ISVs.
Q3: When should ISVs build an XI adapter?
A3: XI adapters provide an additional, specific technical protocol to facilitate communication with XI. SAP already
provides many adapters such as SOAP, HTTP, RFC, Idoc, etc. Typically XI adapters are provided by EAI vendors
for support of additional protocols. XI adapters must be implemented as resource adapters of the Java Connector
Architecture 1.0 (JCA).
Q4: What do I need to build and test my XI adapter?
A4: You must have the SAP Partner Connectivity Kit (SAP PCK) to develop and test your XI adapter. Once you
apply for XI Adapter certification, an ICC representative will put you in contact with the relevant group in SAP so
that you can purchase the PCK license.
Q5: What is the SAP PCK?
A5: The SAP PCK provides a platform to development and test your own JCA resource adapter. The SAP PCK
includes JCA sample adapter with source code, XML file for sample adapter metadata, and Java docs for adapter
development.
Q6: What is XI content package?
A6: XI content facilitates integration scenario of a particular business process (A2A or B2B) via XI. The XI content
package includes integration scenario, message definitions, interface definitions, and mapppings using XIintegration builder tools. ISVs who plan on integrating their business application with SAP business applications via
XI typically would go for XI content certification.
Q7: What is XI content package based on Industry Standards?
A7: SAP supports many industry standards such as RosettaNet (for High Tech), CIDX (for Chemical), ISA-S96 (for
Manufacturing), STAR (for Automotive), etc. ISVs can select business processes defined by industry standards to
build a content package via XI. ISVs who want to utilize industry standard on their integration scenario should go
for XI content based on Industry Standards.
Q8: Where do I find more information about XI integration scenarios?
A8: Please go to XI interface page to learn more on XI Adapter certification.
Please go to XI Content interface page to learn more on XI Content certification.
Please go to XI Content based on Industry Standards interface page to learn more on XI Content based on IndustryStandards certification.
Q9: Where can I get XI test system to build XI content package?
A9: ICC is hosted many SAP application systems including XI for ISVs remotely access to develop and test their XI
content scenario. For more information on this service, please refer to Developer Package.
Q10: Can I become PBNW after the completion of XI certifications?
A10: It depends. If you complete the XI adapter certification successfully, you qualify for PBNW.
If you complete either XI content or XI content based on Industry Standards certification, you also need to complete
the EP-BP certification to obtain PBNW.
Posted by MSGoud at 12:40 PM No comments:
ASAP Methodology
SAP Stands for System Application Product in Data Processing
In 1972, five systems analysts began working nights and weekends to create standard software with real-time data
processing. Twenty-five years later their vision is a reality: SAP is the world’s market and technology leader in
business application software.
On April 1, 1972 five former IBM employees founded SAP as System analyse und Programmentwicklung
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 11/14
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 12/14
The purpose of this phase is to complete the final preparation of the R/3 System for going live. This includes testing,
user training, system management and cutover activities, to finalize your readiness to go live. This Final Preparation
phase also serves to resolve all crucial open issues. On successful completion of this phase, you are ready to run
your business in your productive R/3 System.
IIn Phase 4, your end users go through comprehensive training. The last step will be to migrate data to your new
system. In particular a going-live check is carried out and an R/3 Help Desk set up.
Phase 5: Go Live and SupportNow you are ready to go live with your productive system! Afterwards, the project
team focuses on supporting the end users, for which training may not be completed. It is also necessary to establish
procedures and measurements to review the benefits of your investment in R/3 on an ongoing basis. Key SAP
Services to support you in this phase include
Posted by MSGoud at 12:38 PM No comments:
Thursday, November 29, 2007
CUA-Central User Administration
W hat i s t he easy and s im p le w ay o f ac t i va t i ng Cen t r a l User Adm in i s t r a t i on
( CUA) v ia SCUA?
Customers that have implemented the Central User Administration in lower releases have
had to read and skim through cookbooks and adhere to the different set-up procedures of the ALE landscape used to propagate the user data and input methods like UserClone in
transaction WE20 (managing partner profiles), bearing in mind upper and lower cases for
the different methods. There is good news for you.
The setup of CUA is now extremely simple and easy. All you have to do to activate the CUA,regardless of whether you want to set up a complete new CUA just add a new client to the
CUA, is activate the CUA via transaction SCUA. So, no more fumbling in ALE configurationsand partner profile management is needed! The process, in short, is as follows:
1. Log on to the new child system and create a communication user for the CUA. Assign this
user a customer copy of the following two roles: SAP_BC_USR_CUA_CLIENT,
SAP_BC_USR_CUA_SETUP_CLIENT. The latter can be removed from the communicationuser after CUA activation.
2. Create the RFC connection(s) between central system and client.
3. Create a new logical system for the CUA client.
4. Assign the logical system to a client .
5. Go into transaction SCUA, enter the logical system and save. This will generate the ALEdistribution model including partner profiles.
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 13/14
6. If you configure a CUA newly from scratch you have to customize the field distribution in
transaction SCUM.
7. Migrate new users into your CUA central using transaction SCUG. Let's look at the details
and do it.
The CUA landscape we start with is as follows: We have a central system in client 100 on aWeb Application Server stand-alone called TT1.
We have two child systems in client 200 and 300. Now, we want to add client 400. So, how
do we start? Create the communication user on client 400.
So, we log on to client 400 and create the communication user via transaction SU01. This
user has also been assigned the roles Z_SAP_BC_USR_CUA_CLIENT and
Z_SAP_BC_USR_CUA_SETUP_CLIENT, which are custom copies of the pre-delivered SAP
roles.
Now we have to create the RFC connection. To do this, we log onto the central system client
100 in system TT1 and go into transaction SM59. We maintain the technical settings for theRFC connection.
And we maintain the communication user in this RFC connection. What is the next step? To
create a logical system for the new client 400. This is done in transaction SALE on the
central system. Navigate to the menu path for logical systems and click on Define LogicalSystem.
On the next screen enter a new value for TT1CLNT400 and save. Then, go back with thegreen arrow and double-click on Assign Logical System to Client. On the next screen
double-click on client 400. Assign the logical system TT1CLNT400 to client 400.
Please note that the setup of the CUA landscape in our example spares us the burden of creating an RFC connection from the new daughter system client 400 back to the CUA
central client 100, because we are in ONE system only, namely the TT1.
W hat i s l e f t t o do?
Well, all you have to do now is go into transaction SCUA, add the new child systemTT1CLNT400 there, and click on save. Let us do it. After you have saved your entries, you
will see the following logs. So, activities you formerly had to do yourself like creation andgeneration of the ALE partner model and input of methods in the ALE model are now done
AUTOMATICALLY for you.
If you have not configured it yet, you can now maintain the field distribution in transactionSCUM. This transaction allows you to configure on a field level where you want to allow
7/31/2019 SAP Security Interview Questions1
http://slidepdf.com/reader/full/sap-security-interview-questions1 14/14
fields of the user master record to be maintained. Optionally you can just take the SAP
defaults. So there is nothing to configure in transaction SCUM. The defaults will be
distributed when you activate the CUA with transaction SCUA.
Then, you can migrate the users from child system 400 into the central system 100 using
transaction SCUG. For more information on CUA and how to implement
it please take a look here: SAP Security Homepage" -> Security in Detail -> IdentityManagement -> Centralized Administration -> Cookbook: Central User Administration (Web
AS ABAP 6.20 or higher release)
Hopefully, this weblog has shown how easy it has become to implement CUA. The crucialtransaction SCUA has been powerfully enhanced, so that you are spared the burden of a lot
of manual configuration. I hope you enjoy implementing CUA.