Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

sap-security: Myths about CUA

Former Member

‎03-18-2010 10:45 AM

0 Kudos

can anybody plz tell me, what is the process of creating/maintaining CUA by a sap-security admin?

Edited by: Julius Bussche on Oct 15, 2010 10:41 AM

10 REPLIES 10

lbreddemann
Active Contributor

‎03-18-2010 11:41 AM

0 Kudos

Any relation to MaxDB??

regards,

Lars

Former Member

‎03-20-2010 7:47 AM

0 Kudos

1. create logical systems thru SALE

2. maintain RFC thru SALE or SM59

3. create model thru BD64

mention what actions needs to be done. Ex. User creation and assignemnt of roles thru User Cloning

generate partner profile

disribute model

4. t-code SCUA(OPTIONAL)

Former Member

‎03-31-2010 6:12 PM

0 Kudos

Sreeya,

Besides what was already mentioned for setting up CUA, below is the SAP Help URL to peforming these activities along with additional information pertaining to CUA system.

http://help.sap.com/saphelp_nw04/helpdata/en/bf/b0b13bb3acd607e10000000a11402f/frameset.htm

I have this in PDF format from SAP if you want it please email and Ill send over.

Thanks,

Matt

Edited by: Matthew Laurence Urban on Mar 31, 2010 7:13 PM

Former Member

‎05-14-2010 8:55 AM

0 Kudos

Hello Shreeya,

Just to list down the steps involved in CUA implementation

1) Specify Logical System names (Tcode SALE or BD54)

2) Assign logical system names to Clients (Tcode Scc4)

3) Create system users as required for creating RFC Destinations (Tcode SU01)

4) Create RFC Destinations in each clients (Tcode SM59)

5) Create CUA ( Tcode SCUA)

6) Setup Distribution Parameters for CUA (Tcode SCUM)

7) Synchronize Data and transfer users (Tcode SCUG)

If you need the details on how to execute each step , pls get back to me.

Thanks

Chetan

Former Member
In response to Former Member

‎05-25-2010 1:23 PM

0 Kudos

If you are not using CUA currently, I would recommend that you do not take the time to go through the configuration. CUA is obsolete and will no longer be upgraded by SAP. An end of support date has also been announced. As a replacement, NetWeaver Identity Management is available for maintaining SAP systems. If you only use NetWeaver Identity Management for SAP Systems, you should be able to get this as a no charge application from SAP. There is a fee involved once you expand into using the tool for non-SAP systems such as active directory, platform, etc.

Former Member

‎10-15-2010 9:44 AM

0 Kudos

Moved to the Security Forum...

Please see [this blog on availability and support of the CUA|http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/21565] [original link is broken] [original link is broken] [original link is broken]; released by SAP.

Cheers,

Julius

Former Member
In response to Former Member

‎10-15-2010 10:12 AM

0 Kudos

Julius,

Thanks for posting up the clarification. I cannot be the only consultant who's clients have been asking for a unified answer from SAP on this.

Former Member
In response to Former Member

‎10-15-2010 10:14 PM

0 Kudos

> 

> Moved to the Security Forum...
> 
> Please see [this blog on availability and support of the CUA|http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/21565] [original link is broken] [original link is broken] [original link is broken]; released by SAP.
> 
> Cheers,
> Julius

Nice to know... thanks.

Former Member
In response to Former Member

‎10-15-2010 10:45 PM

0 Kudos

Thanks for the confirmation that I really am out in the wilderness over here ; )

Former Member
In response to Former Member

‎10-15-2010 11:37 PM

0 Kudos

Not sure what you meant by that "wilderness" comment... (though I use it myself sometimes

I have a customer implementing new systems on release 7.10 so they have no legacy CUA or coding etc.

They are using CUA from SolMan for all logical systems (ERP; BW, PI, SolMan) with the exception of the ERP productive client where the users are provisioned via SAML (currently external ID mapping for initial loads, later federation).

We have 3 million SU01 users...

CUA is very rubust, and if you understand how it works and what the tweaks are then it works like a charm.

Even when the "C" in "CUA" becomes a hassle with decentral admin requirements (user groups are a classic example in the master) then there are simple ways to deal with most of them in SHD0.

If you have already consolidated your systems or even implementing new ones, then you should not exclude CUA as an option.

My benchmarks are:

- CUA is easy to implement but requires a central guru for the tool. A knowledgeable admin can get it up and running in a few days.

- IdM is infact a development environment and not only a tool. It is an organizational project (possibly beyond company boundaries) which an admin cannot perform on their own.

Depending on the requirements and systems in the landscape, you choose the tool.

CUA is not obsolete!

Cheers,

Julius