With active Central User Administration, you still use transaction SU01 to maintain users, however user maintenance is somewhat different:
· Whether fields are ready for input or not depends on the distribution attributes that you assigned to the field in transaction SCUM. For more information, see Setting Distribution Parameters for Fields.
Only the fields that may be maintained in the system are ready for input.
You can only change a field that is to be maintained globally in the central system. This field does not accept input in the child systems.
· In the central system, the user maintenance transaction also displays the tab page Systems. Here you enter the systems to which users are to be distributed. To display the systems for the corresponding distribution model, use the possible entries help. Each time you save, the system distributes the user data to these listed systems.
· The Roles and Profiles tab pages each contain an additional column for each entry, specifying the system for which the user is assigned the role and/or profile.
With the Text comparison from child sys. Pushbutton on the Roles and Profiles tab pages, you can update the texts for roles/profiles that you have changed, for example, in the child systems. The texts in the child systems are stored temporarily so that they are available in the central system. As the comparison requires some time, it is performed asynchronously and the current texts may not be available immediately.
You can only assign profiles to users for the systems in which they are distributed. If you enter a new system when you assign profiles to users, the system displays a warning that the user was assigned a new system. The entry is automatically transferred into the tab page Systems. After this, the user master record is also distributed in the new system.
During text comparisons from child systems, the names of the generated profiles for the role are not copied to the central system, that is, only assigned profiles are displayed on the Profiles tab page (such as SAP_ALL or SAP_NEW), but no generated profiles of the roles.
All user master records are created in the user master records. Users can then only log onto the central system if the central system itself is entered in Systems tab page of the corresponding user master record.
You can display the global user data from a child system in the User Information System.
Further Information
As well as the authorizations already mentioned, you also need another authorization in the central system for object S_USER_SYS. You can only assign new systems to a new user with this authorization.
When a user is deleted in the central system, the system entry for the user is retained until the deletion is confirmed. If an error occurs, you can repeat the deletion by canceling the system (in the child system).
In the child systems, the RFC user is output as the last person to make changes. Choose an appropriate name when you set up the RFC user.
No comments:
Post a Comment