TMS Trusted Services

To achieve the correct balance between the twin goals of data protection and usability, you can choose between different levels of protection and usability in the Transport Management System (TMS).

The standard RFC connection settings in the TMS guarantee the highest possible protection when reading and changing data. User TMSADM only has authorization for read access and non-critical changes. This means that the user cannot use the TMS to obtain uncontrolled access from one system to another This means that you can manage systems with differing levels of protection in a transport domain without the 'non-secure' systems endangering the 'secure' systems. The downside is that you must log on with user name and password each time you use the TMS to access and make changes to the target system.

TMS Trusted Services suppress the logon procedures in the target systems, after you have successfully logged on to a client in one of the systems in the transport domain. All other authorization checks in the TMS are then made on the user name that you used to start the TMS in the source system. This means that the identity of the user is not checked every time you use the TMS to access a system, only when the user first logs on to a client in the transport domain. The only check made in the target system is to see whether the user has the correct authorization for the particular action (such as importing a transport request). TMS Trusted Services must only be used if the user names are the same in all clients in all SAP Systems in the transport domain.

Caution This also applies to the test systems in the transport domain. Users who have administration authorization in the test system could obtain unauthorized access to other systems in the transport domain under certain circumstances.

More Information

Activating TMS Trusted Services
You can find more information about the user TMSADM in the security guide for CTS under CTS User Administration and Authentication.