ERP- SYSTEM ADMINISTRATION

Submitted in partial fulfillment of the requirements

For the award of the degree of

Master of Business Administration

In

Information Technology

Submitted To: Submitted By:

Mr. Sanjay Ojha Swati Budhwar

00911819918

Centre for Development of Advanced Computing, Noida

Affiliated to

Guru Gobind Singh Indraprastha University

Sector – 16C, Dwarka, Delhi – 110078

1
 INDEX

S.no Question Page no.

1. Explain R/3 concept and 3-Tier Architecture of SAP ERP. 3

2. Explain the installation procedure of SAP R/3 system. 11

3. Explain Client administration in R/3 system. 16

4. Explain User Administration in SAP R/3 system. Also explain Mass User 25
Creation in SAP R/3 System.

5. List out important parameters of instance profile. 36

6. Using CCMS open all the 3 profiles (Default, Instance and Start) in your 39
profile system.

7. Configure TMS in 2 system landscape and write all the steps to transport 43
the customizing request (role) from one system to another system.

8. Write all the T-codes used in CCMS Monitoring. 51

9. Suppose 3 clients are present i.e. 123,456 and 789 having 2 users in each 55
client. Establish a CUA making 123 as CUA and 456 & 789 as their child.

10. Create 2 SAP roles with defined naming convention (Y or Z) having 63

authorization for T-codes PFCG, SE10, SE11 and SE14. Also create a
composite role with existing 2 roles and assign 2 users to them.

Question-1. Explain the R/3 concept and 3-Tier architecture of SAP ERP.

2
Answer 1.

SAP R/3 is the former name of the enterprise resource planning software produced by the
German corporation SAP AG (now SAP SE). It is an enterprise-wide information system
designed to coordinate all the resources, information, and activities needed to complete business
processes such as order fulfillment, billing, human resource management, and production
planning.

The current successor software to SAP R/3 is known as SAP S/4HANA.

With the advent of distributed client–server computing, SAP SE brought out a client–server

version of the software called SAP R/3 (the "R" was for "Real-time data processing" and "3" was
for "3-tier": 1) database, 2) application server, and 3) client (SAP GUI)). This new architecture is
compatible with multiple platforms and operating systems, such as Microsoft
Windows or UNIX. This opened up SAP to a whole new customer base.

SAP R/3 was officially launched on 6 July 1992. Various releases of the software were made
through the 1990s.

A newer version of the software, with revised technical architecture, was released in 2004, and
renamed as SAP ERP Central Component (ECC). SAP came to dominate the large business
applications market. The newest version of the product is SAP ECC 6.0 Enhancement Pack 8.

SAP R/3 is a 3 tier architecture consisting of 3 layers

1. Presentation

2. Application

3. Database

In simple words, it’s a client server architecture.

 R signifies Real-time system

3
 3 represents 3-tier architecture.

4
User's PC:-  Users can access SAP system in two ways:-

1. Through SAP GUI

2. Through Web browser

It's called front-end. Only the front-end is installed in the user's PC not the application/database
servers.
Front-end takes the user's requests to database server and application servers.

Application Servers: - Application server is built to process business-logic. This workload is

distributed among multiple application servers. With multiple application servers, the user can
get the output more quickly.
Application server exists at a remote a location as compared to the location of the user PC.

Database Server: -Database server stores and retrieves data as per SQL queries generated by
ABAP and Java applications.

Database and Application may exist on the same or different physical location.

5
6
Presentation Layer:

Presentation servers contain systems capable of providing a graphical interface.

 Presentation Layer is also known as client Layer

 Presentation Layer is a user interaction

 In SAP-User interaction purpose we use GUI

 GUI stands for Graphical user interface

 Example − Desktop, Mobile Devices, laptops

Application Layer:

Application servers include specialized systems with multiple CPUs and a vast amount of
RAM.
 Application Layer is also known as Kernel Layer and Basic Layer.
 SAP application programs are executed in Application Layer.
 Application Layer serves as a purpose of a communicator between Presentation and
Database Layer.
 Application server is where the dispatcher distributes the work load to the different work
processes makes the job done.

7
Database Layer:

Database servers contain specialized systems with fast and large hard-drives.

 Database layer stores the data

 Data store can be Business data, SAP system data, SAP tables, Programs.

 Examples − Oracle, Microsoft SQL Server, IBM DB/2, Siebel, Sybase, etc.

8
Understanding the components of SAP R/3 3-tier Architecture:-

9
1. Message Server: It handles communication between distributed Dispatchers in ABAP
system.

10
2.  Dispatcher Queue: Various work process types are stored in this queue.

3. Dispatcher: It distributes requests to the work processes.

4. Gateway: It enables communication between SAP system and between SAP system and
external systems.

5. ABAP-Work processes: - It separately executes dialog steps in R/3 applications.

Some important terms are explained as follows:

1. Memory-pipes: It enables communication between ICM and ABAP work processes.

2. Message Server: It handles java dispatchers and server processes. It enables

communication within java runtime environment.

3. Enqueue Server: It handles logical locks that are set by the executed Java application
program in a server process.

4. Central Services: Java cluster requires a special instance of the central services for
managing locks and transmitting messages and data. Java cluster is a set of processes that
work together to build the reliable system. Instance is group of resources such as
memory, work processes and so on.

5. Java Dispatcher: It receives the client requests and forwards to the server process.

6. SDM: Software Deployment Manager is used to install J2EE components.

7. Java Server Processes: It can processes a large number of requests simultaneously.

8. Threading: Multiple Processes executes separately in the background, this concept is

called threading.

11
 9. ICM: It enables communication between SAP system and HTTP, HTTPS, SMTP
protocol. It means by entering system URL in the browser you can access SAP from
browser also.

Question- 2. Explain the installation concept and procedure of SAP R/3

System.

Answer 2.

Installation of SAP ECC 6.0

Follow these steps to install SAP ECC 6.0 −

Step 1 − Install database as per the requirement. Java JDK 1.4 is the minimum requirement.
Copy the software to local drive and run sapinst.exe. Set up wizard will open.

12
Step 2 − Select the service you want to install — Central System Installation > Select Service
Type – Typical or Custom > Next

Step 3 − Select the software units you want to install with ECC like Biller Direct and additional
NW software units AS ABAP, etc.

Step 4 − Enter the SAP System ID and Installation drive. SAP System ID is a unique identifier
for your SAP system. It must be unique throughout the system landscape. Enter master
password which will be used for all user accounts to be created.

13
Step 5 − Enter Database parameters like DBSID for an existing database, host name, etc.

Step 6 − Perform perquisite check. You can click OK to perform check or cancel to move to
next step.

14
Step 7 − In the next window, you have to provide the location of export files, oracle client and
kernel files > Next > Enter OS passwords.

Step 8 − Enter the central instance number, which serves as the technical identifier for
controlling internal processes such as memory. This number must be unique for this installation.

Step 9 − The system now shows you the port numbers.

Step 10 − Click Next and you will see the summary of installation.

Step 11 − Enter the Solution Manager key to continue the installation and upgrade process.

15
Step 12 − Once the installation is complete, you will receive the following confirmation.

16
Question 3. Explain about the Client administration in R/3 system.

Answer 3.

A client is used in SAP system for multiple login on single instance. You can create multiple
clients on a single instance. It also provides data security wherein, one user with one client can’t
see the data of the other user with another client. In addition, there is no need to install the
software for each and every user.

Advantages of Client Concept

Client concept comes in with the following advantages −

 You can share the same resources between multiple users.

 You can manage SAP system landscape as you can create multiple clients for DEV, QA
and PROD team.

 You can share your SAP system with a large number of users.

 You can create clients in SAP system from 000-999.

SAP system comes with the following three standard clients −

000 Client − This is called master client and is available when you install R/3 system.

001 Client − This client is a copy of 000 client including the test company. This client is used
to create new clients normally.

066 Client − This is called SAP Early watch and is used for diagnostic scans and monitoring
service in SAP system.

17
Steps to Create a New Client in SAP

Follow these steps to create a new client in SAP system −

Step 1 − Start by using transaction code — SCC4

Step 2 − To create a new client, enter the below details after clicking on New Entries.

 Client number and name

 City

 Currency, Roles

18
Step 3 − Enter your client-specific data and set permission for the clients as per your requirement
and click on Save.

Step 4 − Now, if you go to the Display Client list, Transaction SCC4 > Display > New client
will be added.

19
Local and Remote System

You can also create a copy of existing clients between local and remote system IDs.

Follow these steps to create a copy of existing clients −

Step 1 − To create a copy of a client in local SID, the transaction code is SCCL.

Step 2 − Enter the following details −

Select your desired profile, enter source client, and enter description.

20
Step 3 − By default, the client copy is executed in a single process and you can distribute the
workload on multiple processes to reduce time for copying.

Step 4 − Copying a client can take longer. Therefore, this process can be run as background job.

21
Step 5 − To check the logs, transaction code — SCC3 can be used.

Remote System

You can create a copy of client in the remote system using transaction code — SCC9. This
system uses Trusted RFC connection SM59.

Enter the details as we do for local client copy and you can select an option to run the copy in
background.

To check the logs, transaction code — SCC3 can be used.

22
Import/Export

It is always recommended to use import/export option for client copy when database size is
large.

Follow these steps to export a client −

Step 1 − Log on to target system and create an entry for new target client using transaction code
— SCC4. To perform export for transferring data files to target system import buffer, use
transaction code — SCC8.

Step 2 − Select the profile and target system. You can schedule the export process in
background. Depending on the export type, it creates multiple transport requests in the
following areas −

 To hold the cross client data.

 To hold the client dependent data.

 To hold some client dependent data.

Now, follow these steps to import a client −

23
Step 1 − To import a client, use transaction code — STMS_IMPORT, you will see import
queue.

Step 2 − Select the transport requests to perform import process that is generated from export
operation. Once import is done, you can use the transaction code — SCC7 to complete post
import phase. You can check import logs using transaction code — SCC3.

Deleting a Client

Follow these steps to delete a client in SAP system.

Step 1 − Use transaction code — SCC5 as below. Go to SAP Easy Access and run the
transaction.

24
Step 2 − Select the client to be deleted. You can select > delete in background or start
immediately. Table T000 contains all the client entries created using Transaction SCC4. You
can also select to remove table entry for the client.

Step 3 − When you select start immediately, you see the following window.

25
Step 4 − Click on Continue to complete the deletion.

26
Question 4. What are the basic concepts of User Administration in SAP R/3
system? Also explain the Mass User creation in SAP.

Answer 4.
A User Administration must be similar with the tasks and responsibilities of admin for creation,
managing and controlling access to the R/3 system and its data, and also various R/3 user types
and its data.

Must manage and create new user, groups and profiles using R/3 transaction.

Default User ids:

 User Ids Client Name
 SAP* 000 and 001
 DDIC 000 and 001
 Early Watch 066

Tools

The most important tools for user and role maintenance are listed below:

· User Maintenance (transactions SU01, SU10)

· Role Maintenance (transaction PFCG)

· Indirect role assignment using HR-ORG

· User Information System (transaction SUIM)

· Central User Administration (transactions PFCG, SM59, SU01, SCUA, SCUM, SCUG,
SUGR, SCUL)

27
Step 1 − Use transaction code — SU01

Step 2 − Enter the username you want to create, click on create icon as in the following
screenshot.

Step 3 − You will be directed to the next tab — the Address tab. Here, you need to enter the
details like first name, last name, phone number, email id, etc.

28
1

Step 4 − You will further be directed to the next tab — Logon Data.

Enter the user type under Logon data tab. We have five different user types.

29
30
The following are the different user types −

 Dialog user − This user is used for interactive system access from GUI.

 System user − This user is used for background processing, communication within a
system.

 Communication user − This user is used for external RFC calls.

 Service user − This user is created for a larger and anonymous group of users.

 Reference user − It is not possible to log on to the system with this user type. User type
for general, non-person related users that allows the assignment of additional
authorizations.

Step 5 − Type the first Login Password > New Password > Repeat Password

31
Step 6 − You will be directed to the next tab — Roles −

Assign the roles to the user.

Step 7 − You will further be directed to the next tab — Profiles −Assign the Profiles to users.

32
Step 8 − Click on Save to receive confirmation.

Password Reset

Follow these steps to reset password −

Step 1 − Use transaction code — SU01

Step 2 − Enter the username and select the change option at the top to edit the profile.

Ste
p 3 − You will be directed to the next tab — Logon Data

Step 4 − Enter the new password and click on the save icon at the top.

33
Step 5 − You will receive the following confirmation

34
Lock / Unlock a User

In SAP system, an administrator can also lock or unlock a user as per the requirement. This can
be performed for a specific time period or permanently. A user can be locked/unlocked in the
following two ways −

 Manually/Forcefully

 Automatically

Manually or Forcefully

You can lock a user forcefully/automatically using these transaction codes −

 Transaction code — SU01 for single user

 Transaction code — SU10 for multiple users

Step 1 − Execute transaction code — SU01

Step 2 − Select the user you want to lock/unlock and click on the icon.

35
Step 3 − You will now see the current status of the user. Click on lock/unlock option.

Step 4 − To lock multiple users, use transaction code — SU10 and enter the users in username
list. To select multiple users in one go, click and search you will get an option to select multiple
users at one time.

Ste
p 5 − Select the lock and unlock icon at the top as per requirement. This can be used to unlock
single/multiple users using same transaction code.

36
Mass User Creation in SAP R/3 System.

When there is a need to create multiple users with same authorization the below method is
followed:

1. Type (use) SU10 T-code as shown above

2. After Enter into SU10 T-code fill the details of users you want to create as shown above
and click on create.

37
3. After click on create it will display the above screen Fill the details like user type and
validity as shown above.

4. Fill the user related profiles in profiles tab as shown above (please follow the document
provided by your authority to fill the profiles never add the profile without permission of
your authority) and save it.

38
5. Click on yes.

6. After saving it will show the above screen click on arrow symbol beside Date.

39
It will show the passwords generated by the system as shown above we can also export those
passwords by using Export button as shown in previous screen shot after selecting export symbol
it shows some options like below choose the right one for you and save it.

Question 5. List out important parameters of instance profile.

Answer 5.

The instance profile contains the important SAP profile parameters used by the JSTART
program. These parameters apply to the whole AS Java instance. The file is located
in /usr/sap/<SID>/SYS/profile/<SID>_<instance name>_<hostname>.

You can edit this file by using a text editor (if you have a Java-only installation) or by using
transaction RZ10 (if you have a double-stack system).

Instance profiles provide an application server with additional configuration parameters to

complement the settings values from the default profile. Typically, these parameter settings adapt
the instance according to the desired resources. They also define the available instance resources
(main memory, shared memory, roll memory and so on), and how to allocate memory to the SAP
application buffers.

40
Important Instance Profile Parameters and recommended values

Parameter Name Parameter Usage Recommended Value

login/min_password_lng To set the minimum 5
password length
login/min_password_letters Minimum number of 3
characters in password
login/min_password_digits Minimum number of 1
digits in password
login/min_password_specials Minimum number of 1
special characters in
password
login/system_client Default logon client Frequently logged in client example 300
for PDR, 190 for DVR and 200 for
QAR
login/fails_to_session_end Number of permitted 3
failed logon attempts
before SAPGUI is
closed
login/fails_to_user_lock Number of permitted 5
failed logon attempts
after which the user is
locked out

41
login/failed_user_auto_unlock Automatically Unlock 0
locked user next day
rdisp/gui_auto_logout Automatic log off if a 600
user is inactive for a
specific period of time in
seconds
login/disable_multi_gui_login Restricting multiple sap If this parameter is set to value 1,
logon multiple dialog logons to

the R/3 System (in the same client and

under the same

user name) are blocked by the system:

When the system recognizes a multiple

logon, it displays a dialog

box with the options "Terminate the

current sessions" or

"Terminate this logon".

42
Question 6. Using CCMS open all the 3 profiles (default, instance or start) in
your profile system.

Answer 6.
Default Profile: One default profile is created for each SAP system, which is valid for all
application server instances. If you want to set the same value for certain profile parameters for
all application server instances, you enter the details in the default profile (e.g. name of the
database host, the computer on which the message server is running).

Note that profile parameter values set in the default profile are only evaluated if they are not
already set in the instance profile.

Configure the following profile parameters in the default profile:

Parameter Definition and Parameter Name in Profile

1: Name of the database host -

SAPDBHOST

43
2: Name of the update server -

rdisp/vbname

3: Name of the enqueue server -

rdisp/enqname

4: Name of the server for processing background processing events -

rdisp/btcname

5: Name of the computer on which the message server is running -

rdisp/msname

6: Name of the TCP service under which the message server can be reached -

rdisp/msserv

7: Name of the host on which the SNA gateway is running -

rdisp/sna_gateway

8: Name of the TCP service under which the SNA gateway can be reached -

rdisp/sna_gw_service

One cannot choose a name for the default profile. It is always called DEFAULT.PFL . The

default profile, like all other profiles, is located in the global profile directory of the SAP System.
For example, under UNIX it is located in the directory /usr/sap/<SID>/SYS/profile ( <SID> =
SAP System name). There is always one active default profile.

Default profiles are also called system profiles.

44
Instance Profile:

Instance profiles provide an application server with additional configuration parameters to

complement the settings values from the default profile. Typically, these parameter settings adapt
the instance according to the desired resources. They also define the available instance resources
(main memory, shared memory, roll memory and so on), and how to allocate memory to the SAP
application buffers.

You can choose any name for an instance profile. The SAP naming convention is as
follows: <SID>_<instancename> or <SID>_<instancename>_<hostname> .

To start application servers on several computers using identical parameter settings, you can use
a single instance profile. It is generally not necessary for each application server to have its own
instance profile. Instance profiles are also called system profiles.

Start profile:

When you start an SAP instance on a host, the start profile defines which SAP services are
started (message server, dialog, gateway or enqueue process. for example). The startsap program
is responsible for starting these service processes, and it uses a start profile to begin the startup
process.

The processes that can be started include:

 Application server

 Message server

 SNA Gateway

45
  System log send demon

 System log receive demon

Apart from the general profile parameters, such as the name of the SAP System
(SAPSYSTEMNAME), instance number (SAPSYSTEM) and name of the SAP instance
(INSTANCE_NAME), the only parameter names that are permitted in a start profile are:

 Execute_xx (xx = 00-99): To start operating system commands, which prepare the SAP
System start. For example, you can use this parameter to start the SAP-related database or
to set up links to executables on UNIX platforms.

 Start_Program_xx (xx = 00-99): To start an SAP instance, for example, on an application

server.

 Stop_Program_xx (xx = 00-99): To start an operating system command or SAP program

after the SAP instance was stopped. For example, the halting or removal of shared
memory areas that were used by the SAP System.

The number xx defines the execution sequence. The programs specified in Execute_

parameters are executed before the programs listed in the Start_Program parameters. After the
SAP instance has been stopped, the programs specified in the Stop_Program parameters are
started. To run a program on the local host, place the word ‘ local ’ in front of the relevant
parameter value:

Execute_00 = local sapmsesa 53 remove

To execute a program on a remote host, place the host name in front of the parameter value.

Execute_00 = hs0011 sapmsesa 53 remove

You can choose any name for a start profile. The start profile files generated by SAP are
structured as follows: START_<instance name> or START_<instancename>_<hostname> .

46
START_DVEBMGS53, START_DVEBMGS53_hs0311

To start the same SAP service processes on several hosts, you can use a single start profile. Each
SAP instance does not have to have its own start profile.

Question 7. Configure TMS in 2 system landscape and write the steps to

transport the customizing request (role) from one system to another system.

Answer 7.

TMS is used for performing:

 Defining Transport Domain Controller.
 Configuring the SAP system Landscape
 Defining the Transport Routes among systems within the system Landscape
 Distributing the configuration

TMS Configuration

47
Step 1: Setting up the Domain Controller
 Log on to the SAP system, which is decided to be the Domain Controller, in
client 000 and enter the transaction code STMS.
 If there is no Domain Controller already, a system will prompt you to create one. When
the Transport Domain is created for the first time, following activities happen in the
background:
 Initiation of the Transport Domain / Landscape / Group
 Creating the user TMSADM
 Generating the RFC Destinations required for R/3 Configurations, TMSADM is used as
the target login user.
 Creating DOMAIN.CFG file in usr/sap/trans/bin directory – This file contains the TMS
configuration and is used by systems and domains for checking existing configurations.

Step 2: Transaction code STMS

48
49
50
Step 3: Adding SAP systems to the Transport Domain

Log on to SAP systems (to be added in the domain) in client 000 and start transaction STMS.

TMS will check the configuration file DOMAIN.CFG and will automatically propose to join the
domain (if the domain controller already created). 'Select' the proposal and save your entries.

For security purpose, system status will still be in 'waiting' status, to be included in the transport
domain.

For complete acceptance, login to Domain Controller System (Client 000) -> STMS ->
Overview -> Systems. New system will be visible there. From the menu choose 'SAP System' ->
Approve.

51
Step 4: Configuring Transport Routes

1) Transport Routes – are the different routes created by system administrators and are used to
transmit changes between the systems in a system group/landscape. There are two types of
transport routes:

Consolidation (From DEV to QAS) – Transport Layers are used

Delivery (From QAS to PRD) – Transport Layers not required

2) Transport Layer – is used to group the changes of similar kinds, for example, changes are
done in development objects of same class/category/package, logically should be sent through
same transport route. Therefore transport layers are assigned to all objects coming from DEV
system. Layers are used in Consolidation routes, however after Testing happens in QAS, layers
are not used and the changes are moved using single routes towards PRD system.

Setting up Transport Routes

Once the Domain and other systems of a landscape are defined, we need to connect them with
the help of proper transport routes (and layers). As for many customers' systems landscape fall
into the same categories, the TMS provides some standard system groups that can be used for
easily defining routes.

52
Transport Routes – Standard Configuration

Steps for Transporting of Request from one system to another:

Step1: Go to T-Code STMS

Step2: Enter F5 (Truck button)

53
Step 3: Select the target system to which the Transport request has to be imported. Double click
on the system.

Step 4: Search for the TR number to be imported.

Note: Select only the corresponding TR number and press ‘Import Request’ button (Half

truck).

54
Finally you can check in the target system.

55
Question 8. Write all the T-codes used in CCMS Monitoring.

Answer 8.
1. DB12
Backup Logs Overview
Transaction code DB12 is to collect and present information that is necessary to monitor
database backups. It is an important source of information for the database administrator
who has the task of supervising the execution of a defined backup strategy.
On the initial screen of the monitor, it shows overview of important information related
to SAP database backups.
• The last successful backups for the SAP, master and msdb databases and transaction
logs.
• The last SAP database size and duration of the backup job.
2. SM51
SAP Server Overview
Transaction code SM51 is to display list of active application servers that
have registered in the SAP message server. Further, you can manage & display
the status, users and work process in all application servers belonging to the SAP System.

3. RZ20
CCMS Monitoring Alert
RZ20 is a transaction code used for CCMS Monitoring in SAP. It comes under the
package SMOI. When we execute this transaction code, RSALSTMO is the normal
standard SAP program that is being executed in background.

56
4. SM13
Administrate Update records
SM13 is a transaction code used for Administrate Update Records in SAP. It comes
under the package STSK. When we execute this transaction code, SAPMSM13 is the
normal standard SAP program that is being executed in background.

5. SM21
System Log Analysis
Transaction code SM21 is used to check and analyze system logs for any critical log
entries. The SAP System logs is the all system errors, warnings, user locks due to failed
log on attempts from known users, and process messages in the system log.
6. SM37
Background and Batch jobs
Transaction code SM37 is to monitor the background, batch jobs running in the
system. From the initial screen, you can search by the job name, user name or program
name accordingly with the time condition.

7. SM12
Display and Delete Locks
SM12 is a transaction code used for Display and Delete Locks in SAP. It comes under
the package SENQ. When we execute this transaction code, RSENQRR2 is the normal
standard SAP program that is being executed in background.

57
8. SM04/AL08
User List
Transaction code SM04 shows the list of the users which are logged on to the instance in
which are currently logged in. The total number of users and sessions are given at the
bottom of the list.

9. SP01
Output Controller
SP01 is a transaction code used for Output Controller in SAP. It comes under the
package SPOO. When we execute this transaction code, RSPOSP01NR is the normal
standard SAP program that is being executed in background.
10. SM35
Batch Input Session Overview
SM35 is used to monitor the batch sessions that are created by the users from different
modules transactions. In this transaction we can start the processing of a session, release a
session that has stopped with error and delete a session if required

11. ST22
ABAP Runtime Error

58
 Transaction code ST22 is used to lists the ABAP dumps generated in the system, we can
restrict for a date, user as required. This each record indicates the reason for the error,
transaction code, variables that caused the error.
12. ST03
Workload and Performance Statistics
ST03 is a transaction code used for Workload and Performance Statistics in SAP. It
comes under the package SAPWL_FRONTEND. When we execute this transaction code,
SAPWL_ST03N is the normal standard SAP program that is being executed in
background.

13. ST02
Tune Summary
Transaction code ST02 is used to display the current status of memory resource usage for
a specific SAP application server. Eg: Hit Ratio – The percentage of data accesses that
are satisfied by the buffer and do not require database accesses.
14. AL02/ST04
Database Alert Monitor
The transaction AL02 (Database alert monitor) is a standard transaction in SAP ERP and
is part of the package STUN. It is a Report Transaction and is connected to screen 1000
of program RSSTAT27.

15. AL16/OS06
Local Alert monitor for Operating System
Transactions OS06 and OS07 are used to monitor the operating system of
the application server (OS06) and of a remote server (e.g. live Cache server - OS07).
These transactions replace Transaction ST06. Normally no SAP instance is installed on
the live Cache Server.

59
Question 9. Suppose 3 clients are present i.e. 123, 456 and 789 having 2 users
in each client. Establish a CUA making 123 as CUA & 456 and 789 as their
child.

Answer 9.

1. Create Administrator User

In a completely new system that is to be set up, an administration user needs to be created with
which all further steps can be performed. To create such administrator user:

 Login to all systems with user SAP* and create the user in t-code SU01

 Assign the relevant administrator role to user

 Apply the security measures to secure SAP* user against misuse

2. Specify Logical system

In CUA landscape, SAP systems are identified with Logical system names. Due to this, Logical
systems need to be created for every system which is going to be included in CUA landscape.
This is one time task to be performed before setting up CUA. The Logical systems can be
defined be following below steps:

 Login to system ABC (client 123) with administrator user created in step 1

 Go to t-code BD54 You can; alternatively maintain the table view V_TBDLS using
transaction SM30.

 Choose Edit and make New Entries

60
  In the LogSystem column, create a new logical name in capital letters for every CUA
system (that is, for the central and all child systems including those from other SAP
Systems). Here, the standard naming convention for logical system is <System
ID>CLNT<Client>. In this way, the below logical systems will be created in CUA
central system (ABC system):

o ABCCLNT123

o PQRCLNT456

o XYZCLNT789

In the same way, create the logical system name for the central system in all child systems.

3. Assign logical systems to client

We need to perform this cross-client procedure only once for each SAP system as per below
procedure:

 Login with administrator user and execute the t-code SCC4

 Switch to change mode

 Call the detail display of the client that you want to assign a logical system by double
clicking on the line of the client

 In the Logical System field, specify the name of the logical system to which the selected
client is to be assigned

Ex: – If we execute the t-code SCC4 in system ABC then, open the client 123 and maintain the
logical system name as ABCCLNT123

61
 4. Create system users

System users are required for the internal communication of the systems in an ALE group. These
system users, defined in the target systems, are entered in RFC destinations in the calling
systems.

To simplify the maintenance of system users, use the following naming conventions:

 In the central system (system ABC), the naming convention will be CUA_<system Id>.
This system user is used in the RFC destinations from child to central system. With this naming
convention, we need to create the system user in system ABC with name: CUA_ABC

 In the child systems, the naming convention CUA__<System Id>_<Client>. These

system users are used in the RFC destinations from central to child system. With this naming
convention, we need to create the system users as below:

Below are SAP delivered roles for system users which need to be copied to customer namespace
before assigning them to system users.

Roles in Central system:

 SAP_BC_USR_CUA_SETUP_CENTRAL

 SAP_BC_USR_CUA_CENTRAL

 SAP_BC_USR_CUA_CENTRAL_BDIST

Roles in child system:

62
  SAP_BC_USR_CUA_SETUP_CLIENT

 SAP_BC_USR_CUA_CLIENT

With these details, we need to create the respective users with their applicable authorizations in t-
code SU01 as below:

5. Create RFC destinations

Till this step, we are ready with Logical systems and system users. Now, we need to create RFC
connections between the systems as mentioned in below steps:

 Login to central system ABC, execute the t-code SM59 and Choose Create.

 Enter the following data:

63
  Confirm your entries with ENTER

 Choose the option Host Name for Save as and Confirm your entries with ENTER

 Specify the name of the SAP system of the child system (such as PQR) in the target
system ID field. To do this, overwrite the automatic entry.

 Specify the message server of the target system in the MessageServer field. To do this,
overwrite the automatic entry.

 Save your entries.

 To define the return connection, repeat the procedure in the child system for the central
system

 To determine whether the network connection between the two systems is functioning
correctly, choose Test Connection.

In this way, we have created the RFC connections (with names identical to Logical system name
of target system) in each SAP systems.

6. Create CUA

Now, we will define the system ABC as CUA in this landscape as detailed in below steps:

 Login to system ABC and execute the t-code SCUA

 Enter the name of your distribution model, such as CUA.

 Choose Create.

 Enter the name of the child systems viz. PQRCLNT456 and XYZCLNT789

64
  Save your entries.

In this way, we have defined the system ABC as central system. After completion of this step,
you can no longer create user master records in the child systems.

7.  Set field distributor parameters

In Central User Administration, we can use the distribution parameters in transaction SCUM to
determine where individual parts of a user master record are maintained.

 In the central system

 Locally in the child system

 In the child system with automatic redistribution to the central system and the other CUA
child system

Every input field of the user maintenance transaction SU01 has a field attribute that you set once
in the central system with transaction SCUM during Customizing. To perform this customizing,
perform the below steps:

 Login to system ABC and execute the t-code SCUM

The system displays the User Distribution Field Selection screen, with tab pages of the fields
whose distribution parameters you can set. You can select the following options on the tab pages:

65
 SAP Set field distributor parameters

 To maintain the other parameters, too, switch to the other tab pages. The tab pages
correspond to those of user maintenance.

 Save your entries. The distribution parameters are automatically transferred to the child
systems.

8. Synchronization of company addresses

The company addresses are maintained in individual systems PQR and XYZ. To enable CUA to
communicate properly you must ensure that at least the central system contains complete
information about all valid company addresses. You then distribute this complete company
address set to all child systems, meaning that there is a consistent status of company addresses in
the entire CUA.

Steps:

 Login to central system ABC and execute the t-code SCUG

66
  Select the first child system PQR and choose Synchronize Company Addresses in the
Central System

 Process all sub lists for the address categories in succession and repeat the above steps for
system XYZ

 Choose Back to start the address distribution from the central system.

 Choose  Distribute Synchronized Company Addresses to target

Systems icon.

9. Transfer Users

As soon as we have configured the CUA, the users from child systems need to be transferred to
Central system so that we can see their authorization details (such as roles to be assigned to users
for child system and the roles assigned to them). The procedure is given in below steps:

 Login to central system ABC and execute the t-code SCUG

 Place the cursor on central system name appeared on the screen and click on the Transfer
Users.

 The system displays the following tab pages:

67
SAP Transfer User

 Select all new and changed users and choose Transfer Users.

 Perform the above 2 steps for child systems PQR and XYZ

 After you have completed the user transfer, remove the roles
Z_SAP_BC_CUA_SETUP_CENTRAL and Z_SAP_BC_USR_CUA_SETUP_CLIENT
from the system users.

At this stage, the CUA set up is completed.

68
Question 10. Create 2 SAP Roles with defined naming convention (Y or Z)
having authorization for t-codes PFCG, SU10, SE11 and SE14. Also create a
composite role with existing 2 roles and assign 2 users to them.

Answer 10.

Procedure of creating SAP Roles:

       1. To start role maintenance, either choose Create Role in the SAP Easy Access transaction
or Tools → Administration → User Maintenance→ Role
Administration→ Roles (transaction PFCG).
       2. Enter the name of the role.
Roles delivered by SAP start with the prefix "SAP_". For your own user roles, instead of
using the SAP namespace, use the customer namespace. This means that the prefix is "Y_"
or "Z_".
You cannot tell from the names of the delivered roles whether they are single or composite
roles. You should therefore create a naming convention for your roles so that you can
differentiate between single and composite roles.
       3.  Choose Create.
       4.  Create a more detailed description of the role including, for example, the activities
contained within it. You can create role documentation that can be displayed with HTML
in the Knowledge Warehouse, and then assign it to the role by choosing Utilities → Info
Object → Create assignment. The user can then call the documentation by choosing Show
Documentation or Documentation for the role.
You can use an existing role as a reference to extend the authorizations of the user. For
more information, see Derive roles.
       5.  You can assign transactions, reports, and Web addresses to the role on the Menu tab
page. The system automatically creates the authorizations that you can set on

69
 the Authorizations tab page from the transactions that you store in the menu structure of
the role.

So that you can call the transactions in another system in a role, enter the RFC destination
of the other system in the Target system field. If the Target system field is empty, the
transactions are called in the system in which the user is logged on.
You should only use RFC destinations which were created using the Trusted System
concept (Trusted System: Trust Relationships between SAP Systems) to guarantee that the
same user is used in the target system. This is only necessary, however, if you want to
navigate using the Easy Access Menu in the SAP GUI.
       6. To generate the profile for the role, choose Change Authorization Data on
the Authorizations tab page.
An input window may appear, depending on which activities you selected. You are
prompted to enter the organizational levels. Organizational levels are authorization fields
which occur in a lot of authorizations (an organizational level is, for example, a company
code). If you enter a particular value in the dialog box, die authorization fields of the role
are maintained automatically.
The authorizations which are proposed automatically for the selected activities of the role
are displayed in the following screen. Some authorization have default values.

If you want other functions in the tree display, such as copying or collecting authorizations,
you can show them with Utilities → Settings.
         a.      Generate an authorization profile for the authorizations. To do this,
Choose Generate. You are prompted for an authorization profile name. A valid name in the
customer namespace is proposed.
                            b.      Leave the tree display after the profile generation.
If you change the menu and then call the tree display for the authorizations again,
the authorizations of the new activities are mixed with those for the existing
authorizations. There may then be a few yellow traffic lights, because there are

70
 authorizations in the tree that are incompletely defined. You must either manually
assign values to these, or if you do not want to do this, delete them. To delete an
authorization, deactivate it first and then delete it.
You can add general authorizations, such as spool display or print with authorization
templates to the existing data. Choose Edit → Insert authorizations → From
template. Choose a template (SAP_USER_B – Basis authorization for application
users or SAP_PRINT – print authorization). You can also create a separate role for
clarity.
       7.      You can also assign users to the role immediately.
       8.      Save your entries.

CREATING COMPOSITE ROLES:

1. In the role maintenance in the Role field a name should be entered (transaction PFCG).
The names of simple and composite roles are not distinguished by the SAP System. To
distinguish between simple and composite roles, own naming convention should be
adopted.

2. Create collective role should be chosen.

3. In the following screen the composite role should be defined.

4. The entries should be saved.

5. In the Roles tab page the roles in the composite role should be entered. With the possible
entries help all the simple roles in the system can be displayed. Composite roles cannot
be included in a composite role.

6. In the Menu tab, the role menus which you read in with Read menu can be restructured.
The menus of the roles do not get affected by this.

71
 7. The users’ names individually in the Users tab should be entered (manually or from the
possible entries help) or Selection should be chosen. The selection criteria should be
defined (such as all users in a user group)

Detailed user information is displayed if a username is selected and Display is chosen. Compare
users should be chosen. After the comparison update the user data.

ASSIGNING USERS TO A ROLE:

  Choose Tools → Administration → User maintenance → Roles (transaction PFCG).
       2.      Specify the role to which you want to assign one or more users.
       3.      Choose the User tab page.
The status display on the tab page tells you whether users have already been assigned to the
role.

 Red: No users assigned

 Green: At least one user assigned
 Yellow: Although users are assigned, user master comparison is not current

For composite roles, the status display refers only to the assignment of users.
       4.      Enter as many user IDs as desired in the list.
Enter the user IDs either directly or from the possible entries help. You can make a
multiple selection with the Select pushbutton, such as all users in a user group.
You can specify a validity period for the assignment in the other columns. When you
assign users to the role, the default start date is the current date and the default end date is
the 31.12.9999. You can change these default values.
       5.      Perform a user comparison if necessary.

72
The generated profile is not entered in the user master record until the users have been
compared. Changes to the users assigned to the roles and the generation of an authorization
profile also require a comparison.
You must then perform a user comparison on the User tab page, to automatically enter the
generated authorization profiles in the user master record for the assigned users.
If you do not want to restrict the assignment validity period (current date until 31.12.9999),
no further action is required. If you want to limit the validity period, you must periodically
schedule the report transaction PFUD daily to update the user master records. It must also
be scheduled if you use the organizational management.

73