What are the user groups and how can we use them?

Transaction SUGR - have a look. The purpose, for example, is to give certain system admin rights to unlock / change password only to a given user group. You assign a user group to a user ID via SU01.

User groups can be used for different reasons and in different ways. In the latest versions of SAP, two types of user group actually exist: the authorization user group and the general user groups. Naturally, the main reason for user groups is to categorize users under a common denominator.

The authorization user group is used in conjunction with the S_USER_GROUP authorization object. It allows you to create security management authorizations by user group, e.g. you can have a local security administrator only able to manage users in his groups, Help-Desk able to reset passwords for all users except users in group SUPER, etc.

The general user group can be used in conjunction with SUIM and SU10, to select all the users in a specific group. A user can only be a member of one authorization user group but of several general user groups.

One of the primary uses of user groups is to sort users into logical groups. This allows users to be categorised in a way that is not dependent on roles/AG's/Responsibilities/Profiles etc. User groups also allow segregation of user maintenance. This is especially useful in a large organisation, as you can control who your user admin team can maintain. An example would be giving a team leader the authority to change passwords for users in their team.

The most important factor identified is that the lack of user groups is an indication that there may be problems with the user build process. This is very "fuzzy" but is a bit of a warning flag.

The auditor's job is to provide assurance that SAP is set up and administered in a way that minimises risks to the financial data produced. If the only thing they have picked up on is the lack of user groups then you will be fine. If you are in any doubt whatsoever ASK THE AUDITOR.
They would have produced a report listing why they feel there is a risk by not having User Groups implemented. If you feel that the risk is mitigated by other measures then let them know. It works best as a 2 way process and both parties can learn something.

Transport tables between clients

Use report RSCLCCOP to transport user master records, profiles and authorizations between clients in an R/3 system. Start RSCLCCOP from the target client to which the users and authorizations should be copied. Do not use this report if the target client contains some users and authorizations you want to preserve.

Mass Maintenance of user profiles

Go to transaction code SU10. Select your SAP users by Address data or Authorization data. With the users you want to change selected, click: User -> Change -> Profiles. Fill in the profiles and click save.

Copying table entries from client 000

I need to copy table entries from client 000. I have identified which entries I need to copy through running RPULCP00 but I don't know how to move the entries.

The simplest way is to go into the table through SM31. Then in your top row of buttons there should be one called 'utilities'; from here select 'adjust'. Then select the client that you want to compare/copy from (you need to have an RFC destination set up). This will then show you the contents of the table in both clients and identify the status of each record. They will fall into the following categories:

    ML    Differences, logon client entry
    MR    Differences, comparison client entry
    L     Entry only exists in logon client
    R     Entry only exists in comparison client
          Identical entries
    (M)   Differences only in hidden fields

You should be able to scroll down the table, select the entries that you want to import, then hit the 'adjust' button, then hit the 'copy all' button, then back out with the green arrow, and save your table.

How can I create multiple User Id at Random

Can I create multiple user IDs having the same profile at once? We usually create IDs through SU01, but it only does one by one.

Yes you can. Use tcode SCAT. I have done this (SAP 4.6C) to create thousands of user IDs and also thousands of roles/profiles (PFCG). I heard that with SAP 4.7 the SCAT has so many extra features, but it is still useful indeed. Just in case your Production disabled this, make sure your client setting (SCC4) is enabled with 'X eCATT and CATT allowed'.

First, you need to create a simulation (test case) of creating a new user ID by calling tcode SU01 later. Create this case, for example ZCREATE_NEW_USER. The test case must start with Z. Then, put a title and choose the component as BC (basis components). Save and choose Local if you don't want to transport it, or choose a dev. class (example ZDEV) if you want to transport it later.

Okay, the first stage has finished. Go back and click the Change button. Then key in the Object, for example SU01, and choose the Record button on top. When it prompts you to enter a transaction code, key in SU01 (if for roles, key in PFCG) and begin recording. You will see a clock on the bottom, which means the recording process is ongoing. At this moment don't use tcode SU01 because you may interrupt the simulation. As usual in SU01, create 1 user ID, password, roles, group and so on. Make sure you press Enter on each field because we want to capture the value/object, and SCAT is a bit stupid, as you will find if you become familiar with it later. Once done, click the Back button and press the End button to end the recording.

Then double click the Object to begin inserting parameters. Then you will see an object for each field that you ran from SU01. You may see so many junk fields captured, and this is because SCAT records every step/dialog. Choose the right field, for example user ID (BNAME), and choose the button 'Insert Import Parameter (F6)'. You may click Next Screen to 'watch' what has been recorded and proceed to choose several other objects like the password fields (PASSWORD1, PASSWORD2), roles field (AGR_NAME), dept field, group field etc. If you happen to choose the wrong object, then you can reset back (Edit -> Reset Parameterization). Once done, choose Back and save this case.

Then you need to click 'Goto -> Variant -> Export' and save it. After that use MS Excel to open it and begin inserting all the other user IDs. Save and close. Remember to close this file because SCAT will use it.

Then the last one: get back to SCAT and click the execute button, choose processing mode Background, choose external file 'the one you created with Excel' and execute. Wait for the logs. If you see reds then an error has happened.

Note: I noticed you said the profiles are all the same. Then this is much easier. Just duplicate this ID and change the name, dept and password only. No need to enter the roles/profiles.

Hoping this will help you.

Changing the default password for SAP*

You are trying to change the password for the sap* user; however, when you go into SU01 and enter sap* as the user name, the following message is displayed: user sap* does not exist.

You can delete the SAP* user using ABAP code:

    Delete from usr02 where bname = 'SAP*' and mandt = '***'.

Where '***' means your client no. Then log in to your client using user SAP* and password PASS.

However, if you delete it, then it will automatically be created once again with password PASS.

The userid, SAP*, is delivered with SAP and is available in clients 000 and 001 after the initial installation. In these 2 clients, the default password is 07061992 (which is, by the way, the initial date when R/3 came into being). It is given the SAP_ALL user profile and is assigned to the Super user group. When I say it is "delivered" with SAP, I mean that the userid resides in the SAP database; there are actually rows in the user tables used to define userids.

If you delete the userid, SAP*, from the database, SAP has this userid defined in its kernel (the SAP executable code that sits at the operating system level, i.e. disp+work). When this situation exists, the password defined in the SAP code for SAP* is PASS. This is necessary when you are performing client copies for example, as the user information is copied at the end of the process. You can sign into the client you are creating while a client copy is processing using SAP* with password PASS (but you should have a good reason to do this; don't change anything while it's running).

Anyway, if the SAP* userid is missing, you can sign in to the client you want and simply define it using transaction SU01 and, as I stated above, assign it to the SUPER user group and give it the SAP_ALL profile. You define its initial password at this point. If you've forgotten its password and don't have a userid with sufficient authorization to create/change/delete userids, then you can use the SQL statements to delete it from the database and then you can use SAP* with PASS to sign back into the client you want to define it in and recreate it.

There is also a profile parameter which can override the use of SAP* with PASS to close this security hole in SAP (login/no_automatic_user_sapstar). When this parameter is defined either in your DEFAULT.PFL profile or the instance-specific profile and is set to a value of '1', then the automatic use of SAP* is deactivated. The only way to reactivate the kernel-defined SAP* userid at this point would be to stop SAP, change this parameter to a value of 0 (zero), and then restart SAP.

The default password for SAP* is 06071992. (DDIC has 19920706)

Finding the current patch level

You can use either of these two methods:
1: Follow the path System --> Status --> Component Information (the magnifying glass button in the SAP System Data section)
2: Use the transaction code SPAM (Support Package Manager) --> Package level

How to lock and unlock the clients

1) To lock or unlock a client in R/3 System, run the following function modules in transaction SE37
2. SSCR_LOCK_CLIENT (to lock the client)
3. SSCR_UNLOCK_CLIENT (to unlock the client)

Run these functions with a client input which is to be locked/unlocked.

To unlock the client
1. Run transaction SE37
2. Enter the function module as SSCR_UNLOCK_CLIENT
3. Press F8 or test run (single run).
4. Specify the client and execute (F8).

Follow a similar procedure for locking the client. Follow the above steps. This function sets the flag "Client is locked temporarily for client copy" in the client maintenance menu. If any other user tries to log in, the system gives the message 'Client locked temporarily'. The client will be available for users DDIC and SAP*.

Steps to Start Your Database After Kernel Upgrade

Do these steps to start your database:
1. Open command prompt
2. Give command: SQLPLUS "/as sysdba"
If it gives the message "connected to idle instance" then proceed:
3. Give command: startup open
If it gives an error that the database is already open, shut it down first.
4. Try stopping the database: shutdown immediate.
5. Follow step 3 again after shutting down the database.
6. Exit from SQLPLUS
7. Run command on command prompt: R3trans -d
Check the results, whether it is still giving an error or if it completed with return code 000. Then first check what database process is up and running, then try starting SAP.

Central user administration

Here is the procedure for Central User Administration configuration in a landscape:

1) Create logical systems for all clients of the landscape using BD54 or SALE, as comfortable.
2) Attach Logical system to clients using Same.
3) Create RFC connections to the relevant systems with the same name as the logical system name. If your logical system name is SIDCLNT100 for dev then create the RFC connection to DEV with the same name SIDCLNT100. Create RFCs to child systems from central and from central to child.
4) Let us suppose your central system is DEVCLNT100 and your child system is QUACLNT200.
5) Create user CUA_DEV_100 in the devclnt100 system. Create user CUA_QUA_200 in the quaclnt200 system.
5) Now log on to the central system and execute tcode SCUA to configure CUA. Enter the name of the distribution model: CUA. Press create. Enter ALL child system RFCs. Save your entries; now the result screen will appear. If you expand the nodes for the individual systems, you normally see the following messages for each system:
. ALE distribution model was saved.
. Central User Administration activated.
. Text comparison was started.
If problem messages are displayed here, follow the procedure in SAP Note 333441.
6) Setting the Parameters for Field Distribution: enter tcode SCUM in the central system and the following screen will appear. Now maintain your field distribution and save it.

You can use transaction SUCOMP to administer company address data. You can use transaction SCUG in the central system to perform the synchronization activities between the central system and the child systems by selecting your child system on the initial screen of transaction SCUG and then choosing Synchronize Company Addresses in the Central System.

After you have synchronized the company addresses, you can transfer the users from the newly connected child systems to central administration. This is done, as with the synchronization of the company addresses, using transaction SCUG in the central system. To do this, select your child system on the initial screen of transaction SCUG, and choose the Copy Users to the Central System button.

Use

You can use the report RSCCUSND from the central system of Central User Administration (CUA) to synchronize the master data of selected users with a child system of the CUA. The report sends the master data (including role and profile assignments) to a child system of the CUA. If master data exists in the child system for the user sent, it is overwritten.

Procedure

1. Start report RSCCUSND (for example, using transaction SA38).
2. In the Receiving System field, specify the child system to which you want to send the user data.
3. You can use the fields User and User Group to restrict the number of users.
4. Specify the data that you want to distribute under Distribution Options.
5. Choose Execute.

Run OS commands in GUI

What an interesting piece of information: now you can run OS commands from SAP GUI. Just run report RSBDCOS0 in SA38 and enjoy.

How to List All the T-codes For a Role in SAP ?

Here I am sharing the procedure; moreover, it's a trick to get all the t-codes from a role.

To find all tcodes for a role, along with the tcodes that are present in the tcd field, go to SE16, enter agr_1251 and click on the data browser button, enter the role name in the agr_name field and enter tcd in the FIELD field. Then click on the execute button or press F8 to execute and you will see the list of tcodes for that role.

SAP T-Codes

Here I am sharing a list of T-codes that can help you a lot in case you are facing some problems.

1) SWU3: RFC destination warning in workflow custom, check Automatic Work Flow Customizing
2) SUCOMP: User Company Address Maintain
3) STZAC: Customizing Time-Zones
4) SWF_XI_CUSTOMIZING: Automatic Work Flow Customizing For XI
5) SXMB_ADM: Integration Engine Administration
6) SOST: SAPConnect Transmission Request Overview With Log
7) SMSY: In Solution Manager To Define System
8) DSWP: In Solution Manager To Check EWA / MOPz

Solution Manager Key Generation

Hi All,

To generate a Solution Manager key, execute T-code SMSY in the Solution Manager system. You need to do the following steps:

1) Create a system by right clicking on the System entry and selecting Create new system.
2) Enter the System Name, i.e. SID (3 chars)
3) Product = SAP ECC (select from the list)
4) Product Version = ECC 5.0 (select from the list)
5) Save the entries.
6) Select Menu Item "System--->Other Configuration" and enter the SID which you have created earlier.
7) Enter the Server Name (hostname)
8) Finally click on the Generate "Installation/Upgrade Key" button

The system generates a key. Copy that key and paste it in the SAPINST screen when it prompts for the Sol man Key.

How do you add your company logo in sap screen

Steps to add company's LOGO

Transaction code SMW0
Select Binary data for WebRFC application, press Enter
Click Execute
Click Settings -> Maintain MIME types
Click the Create button
Fill in:
    TYPE : image/gif
    EXTENSION : .GIF
Click Save
Click Back to the Binary data for WebRFC
Click Create
Fill in:
    Obj. name : zlogo.gif
    Description : Company Logo
Click Import and specify the filename where your GIF file is located. File type is BIN. To finish, press the Transfer button.
If successful, your logo will be shown in the Binary data for WebRFC.
Now run transaction code SM30
Click Maintain
Click New Entries

    Name            Value to be set
    START_IMAGE     zlogo.gif
    RESIZE_IMAGE    NO

Log off and log in again. Now you can see the logo.
Table/View: SSM_CUST

BW Client Activation

Steps for activating a newly created client in BI 7.0:

Step 1. Enter the default client (300) in the field BWMANDT of the table RSADMINA (Transaction SE16).
Step 2. Execute function module RS_MANDT_UNIQUE_SET (Transaction SE37). Enter the new client (300) as value for parameter i_mandt.
Step 3. Change the profile parameter login/system_client to 300 (Transaction RZ10 > Default profile).

How to change the title of transaction code

Sometimes, you may need to change the title of the SAP transaction code to a more meaningful one. The steps are as follows:

Go to tcode SE63. On the top left menu of the screen, click Translation > Short texts > Transactions.

For example, assume you want to change the title of the t-code SU10 from "user maintenance: Mass changes Initial Screen" to "Mass User changes". On the first screen, fill in the following information:

    Transaction code    SU10
    Source Language     English
    Target Language     English

To change the title, click the Edit button. On the second line (the one in dark yellow), type in the title (e.g. Mass User changes) you want for the transaction code. Click the Save button.

Now, call up the transaction code /nSU10 again and you should be able to view the new title.

How to Reset Buffers in Sap ?

Hi Friends,

Sometimes it is necessary to reset some buffers in SAP for performance issues. So here I am sharing the different buffer cleanup T-codes. But keep in mind that resetting the buffers could change the performance of the entire system.

    /$DYNP    resets the screen buffer of the application server
    /$SYNC    resets the buffers of the application server
    /$CUA     resets the CUA buffer of the application server
    /$TAB     resets the TABLE buffers of the application server
    /$NAM     resets the nametab buffer of the application server

Installing two Oracle databases on a host

Hi Team,

Here I am sharing the experience of installing two Oracle databases on the same host. After installing the new database my first database won't come up. There are some problems with listener.ora and tnsnames.ora for more than one database, so you have to follow this approach:

dbsid1: existing database
dbsid2: new database

Changes in listener.ora:

    ################
    # Filename : listener.ora
    # Created  : created by SAP AG, R/3 Rel. >= 4.0A
    # Name     :
    # Date     :
    ################
    LISTENER =
      (ADDRESS_LIST =
        (ADDRESS=
          (PROTOCOL=IPC)
          (KEY= dbsid1.WORLD)
        )
        (ADDRESS=
          (PROTOCOL=IPC)
          (KEY= dbsid1)
        )
        (ADDRESS=
          (PROTOCOL=IPC)
          (KEY= dbsid2.WORLD)
        )
        (ADDRESS=
          (PROTOCOL=IPC)
          (KEY= dbsid2)
        )
        (ADDRESS =
          (COMMUNITY = SAP.WORLD)
          (PROTOCOL = TCP)
          (HOST = DBHOSTNAME)
          (PORT = 1527)
        )
      )
    STARTUP_WAIT_TIME_LISTENER = 0
    CONNECT_TIMEOUT_LISTENER = 10
    TRACE_LEVEL_LISTENER = OFF
    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (SDU = 32768)
          (SID_NAME = dbsid1)
          (ORACLE_HOME = ORACLE_HOME_dbsid1)
          (PRESPAWN_MAX = 10)
        )
        (SID_DESC =
          (SDU = 32768)
          (SID_NAME = dbsid2)
          (ORACLE_HOME = ORACLE_HOME_dbsid2)
          (PRESPAWN_MAX = 10)
        )
      )

and tnsnames.ora should be like this:

    ################
    # Filename : tnsnames.ora
    # Name     : LOCAL_REGION.world
    # Date     :
    ################
    dbsid1.world =
      (DESCRIPTION =
        (SDU = 4096)
        (ADDRESS_LIST =
          (ADDRESS =
            (COMMUNITY = sap.world)
            (PROTOCOL = TCP)
            (HOST = DBHOSTNAME)
            (PORT = 1527)
          )
        )
        (CONNECT_DATA =
          (SID = dbsid1)
          (GLOBAL_NAME = dbsid1.world)
        )
      )
    dbsid2.world =
      (DESCRIPTION =
        (SDU = 4096)
        (ADDRESS_LIST =
          (ADDRESS =
            (COMMUNITY = sap.world)
            (PROTOCOL = TCP)
            (HOST = DBHOSTNAME)
            (PORT = 1527)
          )
        )
        (CONNECT_DATA =
          (SID = dbsid2)
          (GLOBAL_NAME = dbsid2.world)
        )
      )

I think it will help you. For more clarity follow SAP Note 98252.

Activating Industry Specific Solutions and Short Text Conversion

A. Activating Industry Specific Solutions (like IS OIL, IS RETAIL, IS MILL, IS MEDIA):

1) Go to T-code SPRO.
2) Click on the SAP Reference IMG button.
3) Check for Activate SAP ECC Extension
4) Select Business Function Set as SAP Oil and Gas.
5) Change the status of all the business functions to ON.
6) Accept the prompt for license.

So the add-on has been activated. (Running in background)

B. Short Text Conversion:

While SAP ECC or SAP R/3 uses terms that are linked to its industry sectors (material and plant in production, article and site in SAP Retail), in other components you will find the more universally employed terms product and location.

1) Log on to your SAP system, client 000, as user SAP*.
2) Start report RSBRAN03 and fill the selection fields as follows:
    BRANCHE: ISR
    LANG:
All other fields remain default. Do not check CL_FORCE and UP_FORCE because they are reserved for SAP internal services.
3) Run the report in background (F9).
4) After the job has finished, reset the text buffers by entering /$SYNC in the command line. Please note: Resetting buffers can significantly change the performance of the entire system. Nevertheless the reset of the buffers is necessary.
5) Please note that the report must be executed in every system separately.

LOG IN TO BR*TOOL STUDIO

Hi ALL,

Here I am sharing the procedure to run and use BRTOOL STUDIO.

1) To run Studio, go to Studio home and run server.cmd
2) To access it, go to the URL https://hostname:port/studio
3) A pop-up window will come. Provide username: Administrator (same as shown, capital A and all others small). Password: the one you provided at the time of installation.
4) Click on instances and then Create
5) Provide info such as the password for Administrator and the database user (please note that the password of the DB user should not contain @ in the password string)
6) Give the path for the brtool profile parameter: Oraclehome/database/init.sap
7) Finally click on Go (left side). Now you will be logged off; log in to your instance using Administrator as username and the password you provided at the time of installation.
9) Now here you can create more users for brtool with different user roles.

You can use it to view space, check status, control files, backup, restore and you know, more things.

SAP Load Balancing and Work Processes Troubleshoot

The benefit of segregating user groups by line-of-business (using logon groups) is related to the point that groups of users (like SD users or HR users, for example) tend to use the same sets of data. They (generally) work with the same groups of tables and hit the same indexes using the same programs (transactions).

So, if you can group all of the users hitting the same tables onto one (or one set of) App server(s), then you can tune the App server buffers to a much greater extent. If the FI users (generally) never hit against the HR tables then the App servers in the FI group don't (generally) have to buffer any HR data. That leaves you free to make memory and buffer adjustments to a more drastic extent, because you don't have to worry (as much) about screwing the HR users (as an example) when you're adjusting the FI server group.

So, (in my opinion only) you should start with a buffer hit ratio analysis / DB table & index access analysis (by user group) to see where you would get the best benefit from this kind of setup. If you don't have this kind of info, then creating logon groups by line-of-business may have no benefit (or worst case, may make performance degrade for the group with the highest load %). You need some historical information to base your decision on, for how to best split the users up.

You may find that 50% of the load is from the SD users and so you may need one group for them (with 3 App servers in it) and one other group for everyone else (with the other 3).

The logon group(s) will have to be referenced by SAP GUI, so SAP GUI (or saplogon.ini + maybe the services file, only) will have to change to accommodate any new groups you create in SMLG. Also consider that there are variables for time-of-day (load varies by time-of-day) and op-mode switches (resources vary by op-mode).

All Work process are running? What will be our action?

Are all the work processes (dia, btc, enq, upd, up2, spo) running or just all the dialog work processes?

If all the work processes are running, then you may want to look at SM12 (or is SM13?) and see if updates are disabled. If they are, look at the alert log (if it's an Oracle database) and see if you have any space related errors (e.g. ORA-01653 or ORA-01654). If you do, add a datafile or raw device file to the applicable tablespace and then re-enable updates in SM12.

If only all the dialog work processes are running, there are several possible causes. First, look to see if there's a number in the Semaphore column in SM50 or dpmon. If there is, click once on one of the numbers in the Semaphore column to select it and then press F1 (help) to get a list of Semaphores. Then, search OSS notes and, hopefully, you'll find a note that will tell you how to fix the problem.

If it's not a semaphore (or sometimes if it is), use vmstat on UNIX or task manager on Windows to see if the operating system is running short on memory, which would cause it to swap. In vmstat, the free column (which is in 4k pages on most UNIX derivatives) will be consistently 5MB or so and the pi and/or po columns will have a non-zero value. The %idle column in the cpu or proc section will be 0 or a very low single digit while the sys column will be a very high double-digit number, because the operating system is having to swap programs out to disk and in from disk before it can execute them.

In task manager, look at free memory in the physical memory section under the performance tab. If it's 10MB or 15MB (I think), then the operating system will be swapping.

Usually, when all the dialog work processes are running, you won't be able to log in via SAPgui and will need to execute the dpmon utility at the command line level. The procedure is basically the same on UNIX and Windows.

On UNIX:
telnet to server and login as sidadm user.
cd to /sapmnt/SID/profile directory
execute "dpmon pf=SID_hostname_SYSNR" (e.g. PRD_hercules_DVEGMS00)
select option "m" and then, option "l"

On Windows:
Click on START, then RUN
Type "cmd" and press enter
change to drive where profile directory resides (e.g. f:)
cd to \sapmnt\SID\profile
execute "dpmon pf=SID_hostname_SYSNR" (e.g. PRD_zeus_DVEGMS00)
select option "m" and then, option "l"

On both operating systems, you'll see a screen that looks like what you see in SM50. Depending on what you see here, will depend on what you do next, but checking the developer trace files (e.g. dev_disp) in the work directory (e.g. /usr/sap/SID/DVEGMS00/work) is never a bad idea.
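
Added example, not part of the original page: the SAP* section above says login/no_automatic_user_sapstar can be defined in DEFAULT.PFL or in the instance-specific profile and that a value of 1 deactivates the automatic SAP* user, so this check reports the effective setting per instance. Assumptions: profiles are plain `name = value` lines with `#` comments, an instance profile value overrides DEFAULT.PFL, and the function names and sample profile texts are constructed for illustration.

```python
"""Audit login/no_automatic_user_sapstar across SAP profile files."""

PARAM = "login/no_automatic_user_sapstar"


def parse_profile(text):
    """Parse profile text into {name: value}.

    Assumed format: one 'name = value' per line, '#' starts a comment line.
    A repeated name keeps its last value (assumption, for illustration).
    """
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def audit_instance(default_pfl_text, instance_text):
    """Return (status, value, source) for one instance.

    status is 'OK' when the effective value is 1, 'FINDING' for any other
    explicit value, and 'UNSET' when neither profile defines the parameter
    (the kernel default then applies and must be checked on the system).
    """
    default = parse_profile(default_pfl_text)
    instance = parse_profile(instance_text)
    if PARAM in instance:          # instance profile overrides DEFAULT.PFL
        value, source = instance[PARAM], "instance profile"
    elif PARAM in default:
        value, source = default[PARAM], "DEFAULT.PFL"
    else:
        return ("UNSET", None, None)
    return ("OK" if value == "1" else "FINDING", value, source)


def audit_landscape(default_pfl_text, instance_profiles):
    """Audit every instance profile against the shared DEFAULT.PFL."""
    return {
        name: audit_instance(default_pfl_text, text)
        for name, text in sorted(instance_profiles.items())
    }


# Constructed sample input (not taken from a real system).
SAMPLE_DEFAULT_PFL = """\
# DEFAULT.PFL (constructed sample)
SAPSYSTEMNAME = PRD
login/system_client = 300
login/no_automatic_user_sapstar = 1
"""

SAMPLE_INSTANCES = {
    # Inherits the DEFAULT.PFL value.
    "PRD_hercules_DVEGMS00": "# instance profile (constructed)\nSAPSYSTEM = 00\n",
    # Silently re-enables the kernel SAP* on this one application server.
    "PRD_zeus_DVEGMS00": (
        "# instance profile (constructed)\n"
        "SAPSYSTEM = 00\n"
        "login/no_automatic_user_sapstar = 0\n"
    ),
}

if __name__ == "__main__":
    results = audit_landscape(SAMPLE_DEFAULT_PFL, SAMPLE_INSTANCES)
    for name, (status, value, source) in results.items():
        print(f"{name}: {status} value={value} source={source}")
```

The second sample instance shows why DEFAULT.PFL alone is not enough to review: an override in one instance profile leaves the kernel-defined SAP* usable on that server.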