際際滷

際際滷Share a Scribd company logo

User group synchronization

Download as DOC, PDF
S
Samrat Banerjee

User groups need to be manually created in each system if they do not exist in the target system when using Central User Administration (CUA). This can lead to errors when creating users and require extra time and effort to synchronize user groups across systems. Implementing SAP Note 395841 by adding an entry to the PRGN_CUST table with a value of 'C' automates the creation of user groups in child systems when a user is created. This ensures successful user creation and synchronization of user groups, saving time and preventing errors.

1 of 2
Download to read offline
USER GROUP SYNCHRONIZATION CUA TABLE ADMINISTRATION TO ENABLE KEY FUNCTIONALITIES 1. In any landscape security team manages user administration via CUA (Central User Administration). 2. User group needs to be created manually in each system if they dont exist in the target system. 3. In the scenario described above a) user is not created in the child system b) Tcode SCUL throws error for User created in CUA system. 4. This problem is recognized by SAP as a Program error. 5. It takes a lot of time and effort to create user group manually in all the child system. 6. Also there are chances to overlook SCUL entries while completing the User creation requests ,in this case user does not access in the child system of CUA and this can lead as escalation . 7. In short more time and effort and more number of user escalation if this case is for Production environment.
Example of the above discussed case: Solution of this Issue: 1. Implement SAP NOTE 395841. 2. It involves Table PRGN_CUST (CUA PARAMETER CONTROL TABLE) 3. Add Switch (Entry) CUA_USERGROUPS_CHECK WITH VALUE 'C 4. C stands for creation of user group at run time. 5. With this entry User groups are created automatically in the child system leading to synchronization of user groups in child system with CUA and successful creation of user even user group did not exists. 6. SCUL entries with User creation error are not created anymore. 7. This saves security team lot of time and effort in the first place and most importantly it guarantees successful user creation in the child system.

More Related Content

User group synchronization

  • 1. USER GROUP SYNCHRONIZATION CUA TABLE ADMINISTRATION TO ENABLE KEY FUNCTIONALITIES 1. In any landscape security team manages user administration via CUA (Central User Administration). 2. User group needs to be created manually in each system if they dont exist in the target system. 3. In the scenario described above a) user is not created in the child system b) Tcode SCUL throws error for User created in CUA system. 4. This problem is recognized by SAP as a Program error. 5. It takes a lot of time and effort to create user group manually in all the child system. 6. Also there are chances to overlook SCUL entries while completing the User creation requests ,in this case user does not access in the child system of CUA and this can lead as escalation . 7. In short more time and effort and more number of user escalation if this case is for Production environment.
  • 2. Example of the above discussed case: Solution of this Issue: 1. Implement SAP NOTE 395841. 2. It involves Table PRGN_CUST (CUA PARAMETER CONTROL TABLE) 3. Add Switch (Entry) CUA_USERGROUPS_CHECK WITH VALUE 'C 4. C stands for creation of user group at run time. 5. With this entry User groups are created automatically in the child system leading to synchronization of user groups in child system with CUA and successful creation of user even user group did not exists. 6. SCUL entries with User creation error are not created anymore. 7. This saves security team lot of time and effort in the first place and most importantly it guarantees successful user creation in the child system.