Replication of User Data
Use
To enable Single Sign-On between SAP User Management Engine (UME) and ABAP-based SAP systems, users should ideally have the same user IDs both in the UME and in the SAP system. Replicating user accounts to the relevant SAP systems is one method of ensuring that user IDs are the same. The data is replicated in one direction only, from UME to the SAP System. Data cannot be replicated from the SAP System to UME.
Integration
UME accomplishes replication by transmitting XML documents. During user management actions such as user creation, updating and deletion, an XML document is generated and sent to the connected ABAP-based SAP systems for which replication has been configured. The XML documents are sent using the SAP Java Connector (JCo). The XML document contains the user maintenance information and activity to be performed. After acting upon the XML document, an SAP system generates a response document and returns it to UME. The response document contains status and error messages related to the replication process. If the replication fails, the administrator may review and correct the errors and replicate again.
SAP Systems with release 4.6D and higher contain default Business Add-Ins (BAdis) that accept user data contained in the XML documents from UME, act upon it by creating, updating, and deleting user data as required, and perform post processing. SAP applications, for example, SAP Enterprise Buyer, can override the default BAdis with their own BAdis that provide a custom implementation for actions such as user creation, updating, and deletion.
Prerequisites
· UME supports replication of user data to ABAP-based SAP systems with release 4.6D or higher.
· Replication of role assignment data is only supported to ABAP-based SAP systems with release 6.20 or higher.
Constraints
· You can replicate to a maximum of three systems. This is because replication is only designed as a solution for small system landscapes. For larger system landscapes, we recommend that you use Central User Administration (CUA) to manage user data and set up the UME to use the CUA system as its user data source.
· Only use replication if you have a maximum of 5,000 users in the UME.
· Passwords and the lock status of a user are not replicated. Users are created with a deactivated password in the backend system. Users should log on through UME, in the portal for example, and access backend systems using Single Sign-On with logon tickets.
Features
The following user attributes are always replicated:
· userid,
· lastname
· firstname
· language
· timezone
· street
· zip
· city
· country
· department
· telephone
· fax
· salutation ® academicTitle (in R/3)
The following attributes are optionally replicated:
· rolenamelist (if the UME property ume.r3.use.role=true)
· Additional attributes whose names exist in the ABAP-based system. These additional attributes are defined with the UME property ume.admin.addattrs.
For example, if you defined the following additional attributes:
ume.admin.addattrs=Building;Floor;roomNumber
these attributes are mapped to attributes with the same name in the ABAP-based system.
Activities
The administrator
has to configure in UME to
which SAP Systems user data is replicated. For details, see 
Defining To Which SAP
Systems User Data is Replicated.
If a SAP
application requires custom BAdis for processing the XML documents, the
administrator must configure both the SAP System and UME.
For details, see Use of Custom BAdi in
SAP R/3 System.
User data is
replicated automatically when user data is created, changed or deleted in the
UME. Manual replication is only required in special
cases, for example, if there was an error during automatic replication. See
also Replication.
Example
You are using UME with SAP Enterprise Portal and want an SAP Customer Relationship Management (CRM) system to work with the same user base as the portal, so you configure UME to replicate all user data from the portal to the CRM system.