Authorizations for Configuring Central CTS

 

Authorizations Required on the CTS Server (SAP Solution Manager)

In general, the user must have a copy of the following role assigned:

  • SAP_BC_TRANSPORT_ADMINISTRATOR

If you do not want to use the predefined authorization or if the role contains too many authorizations, you can run an authorization trace to find out which authorizations are required. For more information, refer to the information provided in the “More Information” section.

Alternatively, you can restrict authorizations by assigning the following authorization objects individually:

Task: Starting the Central CTS Configuration Web UI using the transaction code SZENCONFIG

Authorization: The user who wants to start the UI using the transaction code SZENCONFIG needs to be assigned authorization object S_TCODE with field TCD and value SZENCONFIG.

This authorization object is part of the roles SAP_BC_TRANSPORT_OPERATOR and SAP_BC_TRANSPORT_ADMINISTRATOR as of SAP NetWeaver 7.0 Enhancement Package 2, SP13.

Task: Displaying objects on the UI, including the following tasks:

  • Searching for systems or system clusters

  • Displaying clusters

  • Displaying search help and value help

Authorization: Display authorization. The user needs to be assigned authorization object S_TRANSPRT with field ACTVT and value 03.

Task: Changing objects, including the following tasks:

  • Creating, changing, or deleting system clusters

  • Changing TMS parameters

  • Distributing the TMS configuration

Authorization: Change authorization. The user needs to be assigned the authorization object S_CTS_ADMI with field CTS_ADMFC and value TABL.

Task: Distributing CTS plug-ins to the managed systems

Authorization: On the CTS server, the user needs to be assigned change authorization (see above) and authorization object S_TRANSPRT with field ACTVT and value 03.

Note: If the user needs both display and change authorization, assign both authorizations.

Authorizations Required on the Managed System

  • User TMSADM must exist on the managed system. It must not be locked and must have the standard profile assigned (S_A.TMSADM).

  • Make sure that the user who performs a validation in the Central CTS Configuration Web UI (logon user) also exists in the managed systems for which he wants to perform the validation. Otherwise, validation will fail.

  • To distribute CTS plug-ins, the user who is used for plug-in distribution to the managed system (usually the user that is logged on to the current system) must have the authorization object S_RFCACL in the managed system if the import destination uses Trust Relationship. For more information on S_RFCACL and Trust Relationship, refer to the information provided in the “More Information” section.

In general, the user who is used for plug-in distribution to the managed system must have copies of the following roles assigned:

  • SAP_BC_TRANSPORT_OPERATOR: Required for distributing CTS plug-ins

  • SAP_BC_TRANSPORT_ADMINISTRATOR: Required if the managed system is not in the same transport domain as the CTS server.

If you do not want to use the predefined authorization or if it contains too many authorizations, you can run an authorization trace to find out which authorizations are required. For more information, refer to the information provided in the “More Information” section.

Alternatively, you can restrict authorizations by assigning the following authorization objects individually:

  • S_TRANSPRT with field ACTVT and value 03

  • S_CTS_ADMI with field CTS_ADMFC and value IMPA

  • S_DATASET with the values required to access the transport directory. This authorization is required to read files. If the user does not have this authorization object assigned, the error message OPEN_DATASET_NO_AUTHORITY is displayed.

  • S_RFC with the following values:

    • field ACTVT and value 16

    • field RFC_NAME and values STPA and TMSC

    • field RFC_TYPE and value FUGR
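
To verify that a restricted role really carries this minimum set, the following added example (not SAP code and not part of the original documentation) audits exported authorization rows against the values listed above and flags both missing checks and bare `*` wildcards. It assumes the rows come as (OBJECT, AUTH, FIELD, LOW, HIGH) tuples, for example from an export of table AGR_1251; the sample rows are constructed and the value matching (exact, trailing `*`, LOW/HIGH range) is simplified.

```python
from itertools import product

# Minimum values for plug-in distribution on the managed system, as listed above.
# S_DATASET is left out: the page gives no concrete values for it.
REQUIRED = {
    "S_TRANSPRT": {"ACTVT": ["03"]},
    "S_CTS_ADMI": {"CTS_ADMFC": ["IMPA"]},
    "S_RFC": {"ACTVT": ["16"], "RFC_NAME": ["STPA", "TMSC"], "RFC_TYPE": ["FUGR"]},
}

# Constructed sample rows (OBJECT, AUTH, FIELD, LOW, HIGH) for a hypothetical role.
SAMPLE_ROWS = [
    ("S_TRANSPRT", "A1", "ACTVT", "*", ""),         # covers 03, but far too wide
    ("S_CTS_ADMI", "A2", "CTS_ADMFC", "TABL", ""),  # TABL only, IMPA absent
    ("S_RFC", "A3", "ACTVT", "16", ""),
    ("S_RFC", "A3", "RFC_NAME", "STPA", ""),
    ("S_RFC", "A3", "RFC_TYPE", "FUGR", ""),
    ("S_RFC", "A4", "RFC_NAME", "TMSC", ""),        # second authorization, no ACTVT
    ("S_RFC", "A4", "RFC_TYPE", "FUGR", ""),
]

def covers(low, high, value):
    """One LOW/HIGH entry covers value: range, trailing-* pattern, or exact match."""
    if high:
        return low <= value <= high
    if low.endswith("*"):
        return value.startswith(low[:-1])
    return low == value

def audit(rows, required=REQUIRED):
    """Return (missing checks, wildcard fields) for the required objects."""
    auths = {}  # (object, authorization name) -> field -> [(low, high), ...]
    for obj, auth, field, low, high in rows:
        auths.setdefault((obj, auth), {}).setdefault(field, []).append((low, high))
    missing, broad = [], set()
    for obj, fields in required.items():
        instances = [f for (o, _), f in auths.items() if o == obj]
        # Each value combination must be satisfied inside ONE authorization.
        for combo in product(*fields.values()):
            check = dict(zip(fields, combo))
            if not any(all(any(covers(lo, hi, v) for lo, hi in inst.get(f, []))
                           for f, v in check.items()) for inst in instances):
                missing.append((obj, check))
        for inst in instances:
            broad |= {(obj, f) for f in fields if ("*", "") in inst.get(f, [])}
    return missing, sorted(broad)

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```

In the sample, TMSC is reported as missing even though the value is present, because the authorization that holds it has no ACTVT value: fields from different authorizations of the same object are not combined.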

More Information

  • Maintaining Trust Relationships between SAP Systems

  • Authorization Object S_RFCACL

  • Using the System Trace to Record Authorization Checks (Transaction STAUTHTRACE)

  • Authorizations in the CTS

  • Transport Operator

  • Transport Administrator

  • For more information on authorization object S_TCODE, see Authorization Checks.

  • For more information on the releases and Support Packages which delivered changes to the roles SAP_BC_TRANSPORT_OPERATOR and SAP_BC_TRANSPORT_ADMINISTRATOR, see SAP Note 1748949.