Show TOC

Background documentationDeploy Destination


The import process of a transport collection needs this destination to be able to import transport requests that are assigned to a transport collection. This destination is required for all communication systems of target clusters. It points from the communication system of the cluster (central CTS server) to a managed ABAP system or to the communication system of a managed non-ABAP system.

Enter the following data:

  • Name according to the following naming convention: TMSDPL@<SID>.<Domain_Name>

    Note Note

    All entries are case-sensitive.

    End of the note.
  • Technical Settings tab: Target Host:

    • For ABAP systems: Use the actual managed system as the Target Host for the destination.

    • For non-ABAP systems: Use the communication system of the managed system as the Target Host for the destination.

  • Logon & Security tab: We strongly recommend that you use Trusted system with the technical user described in the Prerequisites section.

    • Language: Enter a language that is installed both in the central CTS Server and in the managed system. We recommend that you use English (EN).

    • Client: Enter the client of the managed system in which you have created the technical user.

    • User: Enter the technical user that you created in the managed system.

    • Trust Relationship: Select Yes.

    In addition, to encrypt communication data, we recommend that you use Secure Network Connection (SNC) for RFC communication with managed target systems.

Using this setup, you make sure that only user DDIC in client 000 is allowed to communicate using the deploy destination.

Example Example

The non-ABAP system NAT is configured as target system and uses system ABC as the communication system in domain DOMAIN_ABC. System ABC is also the central CTS server. In this case you must create a deploy destination TMSDPL@ABC.DOMAIN_ABC.

End of the example.


For the deploy destination, you need a technical user with specific authorizations and roles assigned in all managed systems. This user is used for communication between the central CTS server and the managed system. You must create this user in the managed system. For non-ABAP systems, you must create it in the communication system of the managed system.

To create this technical user including the necessary roles, proceed as follows:

  1. Log on to the managed system for which you need the Deploy destination in any client.

    Note Note

    Remember in which client you created the technical user since you must later enter this data for the Deploy destination.

    End of the note.
  2. Create a copy of the role SAP_BC_TRANSPORT_OPERATOR, for example Z_BC_TRANSP_OP. We recommend that you always assign copies of roles.

  3. Create a new role, for example Z_TRANS_RFC_ACL. The new role must contain the authorization object S_RFCACL. Use the following field values for the authorization object S_RFCACL:


    Technical Name




    Execute (16)

    RFC client or domain


    000 (required for import process)

    RFC same user ID


    Call by the same user is not possible (No)

    RFC information



    System ID (for SAP and External)


    <communication system of the cluster>

    RFC transaction code



    RFC User (SAP or External)



  4. Create a technical user of type System, for example CCTSTRANS.

  5. Assign the roles that you created before to this user.

More Information

Authorization Object S_RFCACL. If the link does not work, you can search for this documentation or use the following navigation path Start of the navigation path published on SAP site Next navigation step Security Information Next navigation step Security Guide: English Next navigation step Security Guides for Connectivity and Interoperability Technologies Next navigation step Security Guide RFC / ICF Next navigation step RFC Scenarios Next navigation step RFC Communication Between SAP Systems Next navigation step Authorizations Next navigation step Authorization Object S_RFCACL End of the navigation path.