cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Automated HANA User Creation from SLT server - Just started happening?

Go to solution
MattHarding
Active Contributor

on ‎05-24-2016 10:02 AM

0 Kudos

I have an odd predicament.  No one claims to have touched our SLT or HANA live system in a way that would do this (and except for the HEC team, it's a very small group of people who could do this), and no upgrades seem to have been done, but for some reason, a few weeks ago; a very useful feature was activated that no one seems to know exists.

In short, when you touch a user on the ABAP SLT server (which is not being replicated at all into HANA live), it automatically creates/adjusts/locks/unlocks the associated user on the HANA database.  e.g. If I lock a user on the SLT ABAP server, within half a second, the user is locked on HANA.

In other words, something is keeping the users on the SLT server and the HANA server in sync.

Unfortunately, it is not setting up users quite the way we need them set-up (SAML, Logon Tickets, etc); so I need to change this, but since I can't find any database triggers, queues, events, etc; that are triggering this change; I'm struggling to know what to do to address this.

The question: Does anyone know what feature is activated to do this and know where there's any documentation on it?

Note - Previously I had written a question (and solution) Replicating ERP Users to HANA Live (HEC) for Fiori to do all this manually, but obviously need to tweak this to work with this new functionality.


For reference we are running HANA 1.00.102.04.1453734118 (HEC based) and SLT server 2.0 (on a NetWeaver 7.40 system).

Thanks,

Matt

Note - Duplicate post from HANA Forum where I was advised to post here (who knew there was an SLT section of SCN!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

MattHarding
Active Contributor
‎06-02-2016 12:21 AM
0 Kudos

Hi All,

I debugged SU01 and discovered the answer is in vanilla NetWeaver functionality, and I'm guessing what has happened is someone has added an entry to the table USR_DBMS_SYSTEM, and not realised that this will then trigger the process as described in this post (wish I found this reference when I was looking into replicating users into HANA in the first place).

Thanks BJ and Amar for trying to help me get to the bottom of this.

Cheers,

Matt

Just to follow up with a picture, looks like when you activate this, a new tab appears in SU01 also (but I'm pretty sure IdM will know nothing about this so I'm probably going to have to turn this off):

Message was edited by: Matt Harding

Show replies
Show replies

Answers (1)

Answers (1)

former_member252769
Active Participant
‎05-27-2016 8:01 PM
0 Kudos

Hi Matt,

1 thing I can think of that may be USR02 is in replication from LTRS through one of the configurations.

Can u cross check?

Regards

BJ

Show replies
Show replies
MattHarding
Active Contributor
‎05-29-2016 11:53 AM
0 Kudos

Hi BJ,


That's the funny thing, the SLT is on a server where nothing is being replicated (it's running on our Gateway server replicating ERP, SRM and GRC) and it's the user on Gateway that is being synchronised.

Cheers,

Matt

Former Member
‎05-29-2016 7:42 PM
0 Kudos

Hello Matt,

I was following the thread ... if there is nothing replicating from ur SLT system how come users are getting locked

can u tell me what was th configuration and what was happenin g

Amar

MattHarding
Active Contributor
‎05-30-2016 1:15 AM
0 Kudos

Hi Amar,

That is exactly the question - what is keeping the users in sync?  What config do you want to see exactly?  Obviously table replication to ERP, SRM, GRC are of no interest since this is SLT/Gateway users being kept in sync. e.g. Locking the user in SLT/Gateway is translated to deactivating the user in HANA, so it's not simple replication we're talking about here.

Cheers,

Matt

Former Member
‎05-31-2016 2:10 AM
0 Kudos

Hello Mat,

The primary question arises here is why your SLT / Gateway users are created in HANA database?  as per my understanding there is no connection between HANA database users and the ume of the slt/gateway pretty strange and weird.

what all DB connection you have for  SLT  system? apart from the replication?

Amar

MattHarding
Active Contributor
‎05-31-2016 4:42 AM
0 Kudos

Hi Amar,

I'm hoping the primary question is enough for someone to answer this rather than investigate the set-up of this specific SLT instance. e.g. I haven't gone down the path of investigating too heavily how this works since this is obviously a feature.

That said, if no one who knows about this feature responds to this question, and I hear back from the HEC team that they haven't done anything to activate this; I'll start to do the heavy lifting and reverse engineer how this is happening (and post back on this discussion my findings).

BTW - If you have a specific transaction or web page to investigate the config for the SLT about where this feature might be referenced, feel free to let me know and I'll post back my results.

Cheers,

Matt

Ask a Question