Background documentationSystem-Specific Authorizations

 

You can set the CTS authorizations of a user in such a way that they are valid for a specific system only. This is useful, for example, if you want to authorize many administrators to execute imports into the quality assurance (QA) system, but only a few to execute imports into the production system.

Use the following authorization objects to grant system-specific authorizations:

  • S_SYS_RWBO

    With this you can grant the authorization for creating transport requests in specific systems. For this, enter the system IDs of the systems where the user is permitted to create transport requests.

    The authorization object is contained in the predefined role SAP_CTS_PLUS_ORG_TEMPLATE as a template.

  • S_CTS_SADM

    With this you can grant the authorization for imports into specific systems. For this, enter the system IDs of the systems where the user is permitted to execute imports. If you require different settings for different users, then you need to create different roles.

    The authorization object is contained in the predefined role SAP_CTS_PLUS_TRANSPRT_TEMPLATE as a template.

Caution Caution

The system-specific authorization objects S_CTS_SADM and S_SYS_RWBO are enhancements of the non-system-specific authorization objects S_CTS_ADMI and S_TRANSPRT. For compatibility reasons the system-specific authorizations come into effect only if the user has not been granted the required rights from S_CTS_ADMI or S_TRANSPRT. However, the display authorization S_TRANSPRT must always be given.

End of the caution.

You set authorizations for systems using roles in the role maintenance (transaction PFCG).

Setting System-Specific Authorizations
  1. Start transaction PFCG. Enter the name of the required template in the Role field and copy it.

  2. When changing the authorization data, enter the following information:

    • Authorization object S_SYS_RWBO

      Field Name (Technical Name)

      Possible Values

      Activity (ACTVT)

      Choose which activities can be performed. The values are the same as for field ACTVT of authorization object S_TRANSPRT. For more information, see Authorizations in the CTS.

      Logical system (DESTSYS)

      Enter the three-character system IDs of those systems for which you want to grant authorizations.

      TMS: Transport Domain (DOMAIN)

      Enter the transport domains of the systems for which you want to grant authorizations.

      Request Type (Change and Transport System) (TTYPE)

      Choose which types of transports can be used. The values are the same as for field TTYPE of authorization object S_TRANSPRT. For more information, see Authorizations in the CTS.

    • Authorization object S_CTS_SADM

      Field Name (Technical Name)

      Possible Values

      Administration Tasks for CTS (CTS_ADMFCT)

      Choose which tasks can be performed. The values are the same as for field CTS_ADMFCT of authorization object S_CTS_ADMI. For more information, see Authorizations in the CTS.

      Logical system (DESTSYS)

      Enter the three-character system IDs of those systems for which you want to grant authorizations.

      TMS: Transport Domain (DOMAIN)

      Enter the transport domains of the systems for which you want to grant authorizations.

  3. Assign the relevant roles with these authorizations to the users.

More Information

For more information on the functions of role management, see Role Management Functions

For more information on authorizations in CTS, see Authorization Concept in the CTS and Authorizations in the CTS.

Was this page helpful to you?