Skip to Content
avatar image
Former Member

ChaRM: authorization questions


I have the following simple questions regarding ChaRM.

1) Which RFC-connections do I need to satellite systems (only client 000 in satellite systems or RFC-connections in all the clients of DEV, QAS and PRD system)?

Do we need here Trusted RFC or usual registration with screen?

2) Which authorizations does the user need (SAP_ALL, S_RFC_ACL)?

3) With which user does the ChaRM_Developer, Tester and so on access and execute the task in task plan of SOLMAN and access satellite systems? (user in RFC-connections)

Should the exact users exist on SOLMAN and on satellite systems?

Which authorizations do I need for these?

Any helpful information will be much appreciated!

H. Thomasson

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Sep 02, 2008 at 01:35 PM


    1) You need to have a RFC connection from SolMan to CLNT000 of all satellite systems (the TMW RFC is not necessary to CLNT000) and RFC connection to the client of the satellite system in which you want to transport the changes (here all RFCs - READ / TMW / TRUSTED - are necessary).

    READ and TMW RFC are regular RFCs. TRUSTED is of course a trusted RFC.

    These can all be generated using TA SMSY.

    2) The user that is generating the RFCs needs to have the authorization object S_RFCACL assigned in the satellite system (which is not part of SAP_ALL nor SAP_NEW).

    3) As a Developer and Tester perform their actions in the satellite system, they need to have the authorizations in the satellite system to do this and the exact user needs to exist (as the TRUSTED RFC will be used for this). Also in Solution Manager they need to have the correct authorization which allows them to execute (some) actions from the task list (i.e. Logon to System / Create Transport Task / ...). For the authorization in SolMan, SAP provides some default roles. Search for SOCM in TA PFCG. However customizing them is advised 😊

    Hope this helps!


    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member


      1) Within ChaRM the TRUSTED RFC is used for the action 'Logon to System' in the ChaRM msg. I think also for executing actions from the Task List (like release Transport Request, import Transport Request). The TRUSTED RFC needs to be generated as ChaRM needs it, but of course you can change it manually to 'logon screen' to have that extra piece of security. That would not be an issue in my opinion.

      2) As for as I know, the user that generates the RFCs from SolMan to the satellite systems only needs S_RFCACL. Of course if more authorization can be granted during the RFC generation process, that would be better.

      3) Actions executed from Task List run indeed in background (you can look up the name from the program if you right click on an action in the Task List and choose Detail, create Transport of Copies). As the actions from Developers and Testers are limited, they are mostly executed immediately.

      Good luck and let me know if you have more questions!