You can set the CTS authorizations of a user in such a way that they are valid for a specific system only. This is useful, for example, if you want to authorize many administrators to execute imports into the quality assurance (QA) system, but only a few to execute imports into the production system.
Use the following authorization objects to grant system-specific authorizations:
S_SYS_RWBO
With this you can grant the authorization for creating transport requests in specific systems. For this, enter the system IDs of the systems where the user is permitted to create transport requests.
The authorization object is contained in the predefined role SAP_CTS_PLUS_ORG_TEMPLATE as a template.
S_CTS_SADM
With this you can grant the authorization for imports into specific systems. For this, enter the system IDs of the systems where the user is permitted to execute imports. If you require different settings for different users, then you need to create different roles.
The authorization object is contained in the predefined role SAP_CTS_PLUS_TRANSPRT_TEMPLATE as a template.
Caution
The system-specific authorization objects S_CTS_SADM and S_SYS_RWBO are enhancements of the non-system-specific authorization objects S_CTS_ADMI and S_TRANSPRT. For compatibility reasons the system-specific authorizations come into effect only if the user has not been granted the required rights from S_CTS_ADMI or S_TRANSPRT. However, the display authorization S_TRANSPRT must always be given.
You set authorizations for systems using roles in the role maintenance (transaction PFCG).
Start transaction PFCG. Enter the name of the required template in the Role field and copy it.
When changing the authorization data, enter the following information:
Authorization object S_SYS_RWBO
Field Name (Technical Name) | Possible Values |
---|---|
Activity (ACTVT) | Choose which activities can be performed. The values are the same as for field ACTVT of authorization object S_TRANSPRT. For more information, see Authorizations in the CTS. |
Logical system (DESTSYS) | Enter the three-character system IDs of those systems for which you want to grant authorizations. |
TMS: Transport Domain (DOMAIN) | Enter the transport domains of the systems for which you want to grant authorizations. |
Request Type (Change and Transport System) (TTYPE) | Choose which types of transports can be used. The values are the same as for field TTYPE of authorization object S_TRANSPRT. For more information, see Authorizations in the CTS. |
Authorization object S_CTS_SADM
Field Name (Technical Name) | Possible Values |
---|---|
Administration Tasks for CTS (CTS_ADMFCT) | Choose which tasks can be performed. The values are the same as for field CTS_ADMFCT of authorization object S_CTS_ADMI. For more information, see Authorizations in the CTS. |
Logical system (DESTSYS) | Enter the three-character system IDs of those systems for which you want to grant authorizations. |
TMS: Transport Domain (DOMAIN) | Enter the transport domains of the systems for which you want to grant authorizations. |
Assign the relevant roles with these authorizations to the users.
For more information on the functions of role management, see Role Management Functions
For more information on authorizations in CTS, see Authorization Concept in the CTS and Authorizations in the CTS.