Show TOC

Plug-In Management Web UI - AuthorizationsLocate this document in the navigation structure

Use

To be able to distribute CTS plug-ins using the Plug-In Management Web UI, the logon user must be assigned specific authorizations.

Make sure that the user who performs a validation in the Plug-In Management Web UI also exists in the managed systems for which he wants to perform the validation. Otherwise, validation will fail.

To distribute CTS plug-ins, the user who is used for plug-in distribution to the managed system (usually the user that is logged on to the current system) must have the authorization object S_RFCACL in the managed system if the import destination uses Trust Relationship. For more information on S_RFCACL and Trust Relationship, refer to the information provided in the More Information section.

In general, the user must have copies of the following roles assigned:

  • On the CTS server (SAP Solution Manager):

    • SAP_BC_TRANSPORT_ADMINISTRATOR

  • On the managed systems:

    • SAP_BC_TRANSPORT_OPERATOR: Required for distributing CTS plug-ins

    • SAP_BC_TRANSPORT_ADMINISTRATOR: Required if the managed system is not in the same transport domain as the CTS server.

If you do not want to use the predefined authorizations or if they contain too many authorizations, you can run an authorization trace to find out which authorizations are required. For more information, refer to the information provided in the More Information section.

Alternatively, you can restrict authorizations by assigning the following authorization objects individually:

Task

Authorization

Starting the Plug-In Management Web UI using the transaction code SZENPLUGIN.

The user who starts the UI using the transaction code SZENPLUGIN needs to be assigned authorization object S_TCODE with field TCD and value SZENPLUGIN.

This authorization object is part of the roles SAP_BC_TRANSPORT_OPERATOR and SAP_BC_TRANSPORT_ADMINISTRATOR as of SAP NetWeaver 7.0 Enhancement Package 2, SP13.

Displaying objects on the UI including the following tasks:

  • Searching for systems

  • Displaying search help and value help

Display authorization: The user needs to be assigned authorization object S_TRANSPRT with field ACTVT and value 03.

Distributing CTS plug-ins to the managed systems.

On the CTS server, the user needs to be assigned the authorization object S_CTS_ADMI with field CTS_ADMFC and value TABL.

On the managed systems, the user needs to be assigned the following authorization objects:
  • S_TRANSPRT with field ACTVT and value 03
  • S_CTS_ADMI with field CTS_ADMFC and value IMPA
  • S_DATASET with the values required to access the transport directory. This authorization is required to read files.
  • S_RFC with the following values:
    • field ACTVT and value 16
    • field RFC_NAME and values STPA and TMSC
    • field RFC_TYPE and value FUGR
Note

If the user needs both display and change authorization, assign both authorizations.

More Information
  • For more information about Maintaining Trust Relationships between SAP Systems, search for the documentation on SAP Help Portal at http://help.sap.com.
  • For more information about Authorization Object S_RFCACL, search for the documentation in the Security Guide RFC / ICF on SAP Help Portal at http://help.sap.com.
  • For more information about running an authorization trace, search for the Using the System Trace to Record Authorization Checks (Transaction STAUTHTRACE) documentation on SAP Help Portal at http://help.sap.com.