Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CUA with AS Java systems

Former Member

‎03-11-2010 3:57 PM

0 Kudos

Hi "Team"

Some of you may have read my previous post on SSO and CUA (I don't know how to post the link to that here, sorry).

Following up on that discussion, I'm no longer dealing with the SSO part of my problem. I, however, need to get a good idea of how to get an AS Java system to get user and role assignments from my CUA master. I've seen this done before.

The problem I'm facing is that I have documentation (that I've only partially read) that suggests how to go about getting the AS Java system to use an AS ABAP system as a user store, and I get the part that the AS JAVA system will read the user list from the ABAP system, and stay up to date. But I'm not clear on how the role assignments between the CUA box and the JAVA box are setup.

The way I've seen it is that dummy roles are created in the AS ABAP box that is used as the user store (e.g. ECQ or something else) and then there is some correlation between those roles and the AS JAVA roles.

Any suggestions on where I'd start getting this information together?

Thanks a lot!

Santosh Krishnan

6 REPLIES 6

Former Member

‎03-11-2010 4:24 PM

0 Kudos

Hi,

Your R/3 roles are pulled through as User Groups in Java. You then assign your Java roles to the user groups

There is lots more info in relevant help pages: http://help.sap.com/saphelp_nwesrce/helpdata/en/4a/e06f429c789041e10000000a1550b0/frameset.htm

Former Member
In response to Former Member

‎03-11-2010 6:33 PM

0 Kudos

Thanks Alex, this is very useful information. I am going through it.

Regards,

Santosh Krishnan

Former Member

‎03-11-2010 6:22 PM

0 Kudos

You can just point your JAVA UME to an ABAP logical system as user store and provision the ABAP client from the CUA with users and UME roles.

But there are two big gotcha's in this approach:

- You cannot provision Java Security roles.

- You will need many many clients in the ABAP UME source system.

It being the year 2010 already, I would not implement this as a new project. Go for an IdM to provision both stacks directly as well as non-SAP systems.

No more IDocs to go hunting down either...

Cheers,

Julius

Former Member
In response to Former Member

‎03-11-2010 6:37 PM

0 Kudos

Julius,

I agree with you. But my client has made promises to their big guys and so they've made agreements (way prior to bringing me onboard to get this all going) that I have no influence upon. I actually suggested exactly what you wrote, but I got so much heat on it, I now have a healthy burnt look.

So I'm going to have to implement CUA, and get the AS JAVA boxes to use that method to provision users and handle role assignments.

However I didn't get your point about many many clients. Am I missing something regarding the setup? So far (with the information I have), I was thinking I'd designate one ABAP system as the user store for the Java systems. Do elaborate.

Thanks a lot.

Santosh Krishnan

Former Member
In response to Former Member

‎03-11-2010 6:45 PM

0 Kudos

> However I didn't get your point about many many clients.

Lets assume you have one ABAP client as UME source for all Java systems, and you temporarily want to assign a user to SAP_J2EE_ADMIN permissions in a sandbox....

All users will have the sum of all permissions of all Java systems in each of them ...

Cheers,

Julius

Former Member
In response to Former Member

‎03-11-2010 6:51 PM

0 Kudos

Yikes. That is a good point. Thanks a lot for all this info. I'm going to go offline and think about this now. You guys are awesome.

Cheers,

Santosh