ChaRM: authorization questions

Former Member
0 Kudos

Hi!

I have the following simple questions regarding ChaRM.

1) Which RFC-connections do I need to satellite systems (only client 000 in satellite systems or RFC-connections in all the clients of DEV, QAS and PRD system)?

Do we need here Trusted RFC or usual registration with screen?

2) Which authorizations does the user need (SAP_ALL, S_RFC_ACL)?

3) With which user does the ChaRM_Developer, Tester and so on access and execute the task in task plan of SOLMAN and access satellite systems? (user in RFC-connections)

Should the exact users exist on SOLMAN and on satellite systems?

Which authorizations do I need for these?

Any helpful information will be much appreciated!

H. Thomasson

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

Holger,

1) You need to have an RFC connection from SolMan to CLNT000 of all satellite systems (the TMW RFC is not necessary to CLNT000) and an RFC connection to the client of the satellite system in which you want to transport the changes (here all RFCs - READ / TMW / TRUSTED - are necessary).

READ and TMW RFC are regular RFCs. TRUSTED is of course a trusted RFC.

These can all be generated using TA SMSY.

2) The user that is generating the RFCs needs to have the authorization object S_RFCACL assigned in the satellite system (which is not part of SAP_ALL nor SAP_NEW).

3) As a Developer and Tester perform their actions in the satellite system, they need to have the authorizations in the satellite system to do this and the exact user needs to exist (as the TRUSTED RFC will be used for this). Also in Solution Manager they need to have the correct authorization which allows them to execute (some) actions from the task list (i.e. Logon to System / Create Transport Task / ...). For the authorization in SolMan, SAP provides some default roles. Search for SOCM in TA PFCG. However, customizing them is advised.

Hope this helps!

Roel

Former Member
0 Kudos

Hi Roel,

thank you very much indeed!

To 1)

Could you please describe why we need here a TRUSTED RFC and whether the normal RFC connection with log in screen doesn't fit?

The problem: we have a productive system and we would like to avoid any TRUSTED RFC connections.

For which reason does the connection exist in this case (collect/send data to SOLMAN, log in to satellite systems executing tasks in task plan)?

To 2)

Which authorization roles and profiles does the user need besides the authorization object S_RFCACL?

(SAP_ALL, SAP_NEW).

To 3)

Do the users from 1) execute/run in background executing the task in task plan or the Developer, Tester, defined in ChaRM concept?

Thank you!

Former Member
0 Kudos

Holger,

1) Within ChaRM the TRUSTED RFC is used for the action 'Logon to System' in the ChaRM msg. I think also for executing actions from the Task List (like release Transport Request, import Transport Request). The TRUSTED RFC needs to be generated as ChaRM needs it, but of course you can change it manually to 'logon screen' to have that extra piece of security. That would not be an issue in my opinion.

2) As far as I know, the user that generates the RFCs from SolMan to the satellite systems only needs S_RFCACL. Of course if more authorization can be granted during the RFC generation process, that would be better.

3) Actions executed from Task List run indeed in background (you can look up the name from the program if you right click on an action in the Task List and choose Detail, create Transport of Copies). As the actions from Developers and Testers are limited, they are mostly executed immediately.

Good luck and let me know if you have more questions!

Roel
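
An added example, not part of the thread or of any SAP tooling: a small audit of a destination inventory against the rules in Roel's first answer (client 000 without TMW, transport client with READ / TMW / TRUSTED) and his later remark about switching TRUSTED to a logon screen. The naming pattern `SM_<SID>CLNT<client>_<TYPE>`, the `logon_screen` field and the sample inventory are assumptions constructed for illustration; client 000 is read here as needing READ and TRUSTED.

```python
import re
from collections import defaultdict

# Assumed naming pattern for the generated destinations (not stated in the thread).
NAME_RE = re.compile(r"^SM_([A-Z0-9]{3})CLNT(\d{3})_(READ|TMW|TRUSTED)$")

CLIENT_000 = {"READ", "TRUSTED"}        # "the TMW RFC is not necessary to CLNT000"
TRANSPORT = {"READ", "TMW", "TRUSTED"}  # "here all RFCs ... are necessary"

def audit(destinations, transport_clients, prod_sids):
    """Return (missing, review).
    missing: {(sid, client): [destination types not found]}
    review:  TRUSTED destinations into production without a logon screen."""
    found = defaultdict(set)
    review = []
    for d in destinations:
        m = NAME_RE.match(d["name"])
        if not m:
            continue  # not one of the SolMan-to-satellite destinations
        sid, client, kind = m.groups()
        found[(sid, client)].add(kind)
        if kind == "TRUSTED" and sid in prod_sids and not d["logon_screen"]:
            review.append(d["name"])
    missing = {}
    for sid, client in transport_clients:
        for c, need in (("000", CLIENT_000), (client, TRANSPORT)):
            gap = need - found[(sid, c)]
            if gap:
                missing[(sid, c)] = sorted(gap)
    return missing, sorted(review)

def dest(name, logon_screen=False):
    return {"name": name, "logon_screen": logon_screen}

# Constructed inventory: QAS client 200 lacks TMW, PRD client 000 lacks TRUSTED,
# and the PRD transport client has a TRUSTED destination with no logon screen.
SAMPLE = [dest(n) for n in (
    "SM_DEVCLNT000_READ", "SM_DEVCLNT000_TRUSTED",
    "SM_DEVCLNT100_READ", "SM_DEVCLNT100_TMW", "SM_DEVCLNT100_TRUSTED",
    "SM_QASCLNT000_READ", "SM_QASCLNT000_TRUSTED",
    "SM_QASCLNT200_READ", "SM_QASCLNT200_TRUSTED",
    "SM_PRDCLNT000_READ",
    "SM_PRDCLNT300_READ", "SM_PRDCLNT300_TMW", "SM_PRDCLNT300_TRUSTED",
)]
CLIENTS = [("DEV", "100"), ("QAS", "200"), ("PRD", "300")]

if __name__ == "__main__":
    print(audit(SAMPLE, CLIENTS, prod_sids={"PRD"}))
```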