CTS uses the user management and authentication mechanisms provided with the SAP NetWeaver platform, in particular SAP NetWeaver Application Server for ABAP. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Application Server for ABAP Security Guide also apply to CTS.
In addition to these guidelines, we include information about the standard users that are delivered with CTS:
The table below shows the standard users that are necessary for operating TMS.
Standard Users
User ID | Type | Password | Description |
---|---|---|---|
TMSADM | System |
|
TMSADM is a system user with authorizations limited to certain display and TMS configuration activities. It is created on all ABAP systems in client 000 when TMS is configured. TMSADM has display authorizations, such as the display of
TMSADM is also used for the distribution of transport configuration changes to systems of the current transport domain. The user ID and password are stored in the TMSADM* RFC destinations and in the CTS Passwords area in the secure storage of the system under /CTS/PWD/$T$/<domain>/DOMCTL. The default profile is S.A_TMSADM. You must never extend this profile or add a profile or role of your own to the user. For more information about changing the password of user TMSADM, see Changing the Password of User TMSADM. For more information about securing user TMSADM, see Protecting Special Users. |
TMSADM_WF | System |
One of the default passwords PASSWORD or $1Pawd2&. Caution Change the password.
Recommendation If you use SAP Solution Manager, you can use Quality Gate
Management or Change Request Management in SAP Solution Manager for workflow
functions.
|
TMSADM_WF is a system user with authorizations limited to TMS Workflow activities. It is created on all systems that are configured as Transport Workflow Engines in the client of the Workflow Engine during configuration of the TMS Workflow. The default profiles are S_A.TMSADM and S_A.TMSWF. For more information about changing the password of user TMSADM_WF, see SAP Note 2017125 . For more information on configuring the Transport Workflow, see Configuring the Transport Workflow. |
DDIC | Dialog | User-defined. It must be set during the installation of the SAP system. | By default, user DDIC is used internally when imports are performed. It is
available in all ABAP systems in all clients. Recommendation
If you did not change the user set up for the transport
background job to a user other than DDIC, and if user DDIC was locked for
security reasons, you need to unlock it temporarily to perform imports. For
more information about securing user DDIC, see Securing User DDIC Against Misuse.Change the user that is used for imports by changing the user that is set up for the transport background job (RDDIMPDP). For more information, see Protecting Special Users. |