Start of Content Area

Background documentation TMS Trusted Services  Locate the document in its SAP Library structure

To achieve the correct balance between the twin goals of data protection and usability, you can choose between different levels of protection and usability in the Transport Management System (TMS).

The standard RFC connection settings in TMS guarantee maximum protection when reading and changing data. If user TMSADM, who only has authorization for read access and non-critical changes, remains unmodified, then the user cannot use TMS to obtain uncontrolled access from one system to another. This means that you can manage systems with differing levels of protection in a transport domain without the 'non-secure' systems endangering the 'secure' systems. The downside is that you must log on with user name and password each time you use TMS to access and make changes to the target system.

TMS Trusted Services suppress the logon procedures in the target systems, after you have successfully logged on to a client in one of the systems in the transport domain. All other authorization checks in the TMS are then made on the user name that you used to start the TMS in the source system. This means that the identity of the user is not checked every time you use TMS to access a system, only when the user first logs on to a client in the transport domain. The only check made in the target system is to see whether the user has the correct authorization for the particular action (such as importing a transport request). TMS Trusted Services must only be used if the user names are the same in all clients in all SAP Systems in the transport domain.


This also applies to the test systems in the transport domain. Users who have administration authorization in the test system could obtain unauthorized access to other systems in the transport domain under certain circumstances.

For more information, see Activating TMS Trusted Services.