SAP Security Online


	R/3 Security
	BW Security
	Enterprise Portal
	CUA
		CUA Installation
		CUA Tips
	Single Sign On
	SOX/ SoD
	OSS
	HR Security
	Other SAP Apps
	Solution Manager
	Interview Questions

Ad link

CUA

In complex system landscapes with multiple systems and clients, the administration cost for keeping the user master records in the systems consistent and up-to-date is very high. Employees join the company, resign, or change jobs within the company. Users must usually access several systems and clients in order to perform their business tasks, and therefore require multiple users.

Since user master records are client-specific, they must be maintained in each client of each and every system. For example, if you want to create a new user, you must create it manually in all the clients of all of the SAP R/3 Systems in which it should be valid.

User master records can be maintained centrally in one client of a system. If a new client is built as a copy of a maintenance client, the new client can initially be filled with the user master records of the maintenance client. During this copy, the roles of the maintenance client are copied together with the user master records. However, you cannot select which users should be copied and which should not. The user master records also cannot be automatically synchronized sequentially

Advantage of having CUA

Administration of a whole system landscape from one single central system
Overview of all user data in the whole system landscape
Consistent user data in the whole system landscape
Additional local maintenance still possible

CUA in separate system vs in PRD

Advantages

No performance impact on PRD system
Independence from planned downtime of PRD system
Independence from PRD system release (higher release with more functionality can be used) Maintenance activities of CUA central system (e.g. import of support packages) has no impact on PRD system
Access to user management can easily be controlled

Disadvantages

Additional hardware and administration cost

CUA in PRD

Advantages

No additional hardware and administration cost

Disadvantages

Performance impact on PRD system
No user administration during downtime of PRD system.
PRD system release determines CUA functionality (no higher release can be used)
Maintenance activities of CUA central system (e.g. import of support packages) causes downtime of PRD system
Access to user management can be controlled only if separate client on PRD server is set up

Pro & Cons: Single CUA

Advantages

Requires little resources (hardware and/or diskspace)
Consistent user master data in the whole system landscape
One single point of administration and control

Disadvantages

Maintenance of CUA central system has immediately impact on production –no test of CUA functionality possible
Unavailability of CUA central system has impact on the whole system landscape
Planned downtime of CUA central system has to be confirmed by all system owners
High volume of user data and high number of changes to user master records (e.g. caused through client copy in DEV) can result in decrease of performance of the CUA central system
Not suitable for customers where responsibilities for user administration are organizationally split based on systems

Organizational challenges

Technical CUA configuration does not match the organization of the user administration
Conflicts due to unclear responsibilities for user management
User administrators are not trained in CUA usage

Ad link

SAP Help | SAP Service Market Place | SAP SDN