Show TOC

Background documentationPlug-In Management Web UI - Authorizations

 

To be able to distribute CTS plug-ins using the Plug-In Management Web UI, the logon user must be assigned specific authorizations.

Authorizations Required on the CTS Server (SAP Solution Manager)

In general, the user must have a copy of the following role assigned:

  • SAP_BC_TRANSPORT_ADMINISTRATOR

If you do not want to use the predefined authorization or if the role contains too many authorizations, you can run an authorization trace to find out which authorizations are required. For more information, refer to the information provided in the “More Information” section.

Alternatively, you can restrict authorizations by assigning the following authorization objects individually:

Task

Authorization

Starting the Plug-In Management Web UI using the transaction code SZENPLUGIN.

The user who starts the UI using the transaction code SZENPLUGIN needs to be assigned authorization object S_TCODE with field TCD and value SZENPLUGIN.

This authorization object is part of the roles SAP_BC_TRANSPORT_OPERATOR and SAP_BC_TRANSPORT_ADMINISTRATOR as of SAP NetWeaver 7.0 Enhancement Package 2, SP13.

Displaying objects on the UI including the following tasks:

  • Searching for systems

  • Displaying search help and value help

Display authorization: The user needs to be assigned authorization object S_TRANSPRT with field ACTVT and value 03.

Distributing CTS plug-ins to the managed systems.

On the CTS server, the user needs to be assigned the authorization object S_CTS_ADMI with field CTS_ADMFC and value TABL.

Note Note

If the user needs both display and change authorization, assign both authorizations.

End of the note.
Authorizations Required on the Managed System

  • User TMSADM must exist on the managed system. It must not be locked and must have the standard profile assigned (S_A.TMSADM).

  • Make sure that the user who performs a validation in the Plug-In Management Web UI also exists in the managed systems for which he wants to perform the validation. Otherwise, validation will fail.

  • To distribute CTS plug-ins, the user who is used for plug-in distribution to the managed system (usually the user that is logged on to the current system) must have the authorization object S_RFCACL in the managed system if the import destination uses Trust Relationship. For more information on S_RFCACL and Trust Relationship, refer to the information provided in the “More Information” section.

In general, the user who is used for plug-in distribution to the managed system must have copies of the following roles assigned:

  • SAP_BC_TRANSPORT_OPERATOR: Required for distributing CTS plug-ins

  • SAP_BC_TRANSPORT_ADMINISTRATOR: Required if the managed system is not in the same transport domain as the CTS server.

If you do not want to use the predefined authorization or if it contains too many authorizations, you can run an authorization trace to find out which authorizations are required. For more information, refer to the information provided in the “More Information” section.

Alternatively, you can restrict authorizations by assigning the following authorization objects individually:

  • S_TRANSPRT with field ACTVT and value 03

  • S_CTS_ADMI with field CTS_ADMFC and value IMPA

  • S_DATASET with the values required to access the transport directory. This authorization is required to read files. If the user does not have this authorization object assigned the error message OPEN_DATASET_NO_AUTHORITY is displayed.

  • S_RFC with the following values:

    • field ACTVT and value 16

    • field RFC_NAME and values STPA and TMSC

    • field RFC_TYPE and value FUGR

More Information