on 06-15-2009 11:52 AM
Dear Gurus.
In the IMG (SOLMAN_CM_IMPT_AUTH), there is a note describing necessary roles for import actions.
-
Add Import Authorization to Operator/Administrator
Use
Change Request Management uses the import functions of the Transport Management System (TMS). The TMS remote infrastructure is based on RFC connections that point solely to the 000 client of a target system. The operator and administrator users need to have import authorization for client 000 of all target systems.
Activities
1. Make sure that the operator and administrator users in client 000 of the target systems have the same name as their user in the Solution Manager system.
2. Assign import authorization to the operator and administrator users in client 000 of the target systems (SAP_CHANGEMAN_OPERATOR and SAP_CHANGEMAN_ADMIN roles).
For more information about import authorizations and the trusted systems concept, see Configuration Guide: SAP Solution Manager 4.0, and the online documentation for Change Request Management.
-
Here I have 2 questions. Assume that I have the following SAP landscape.
DEV QA PRD
100 --> 150 --> 200
Question 1)
Do I need to assign the import role to a user in client 150 of QA in additon to a user in client 000?
I assume that only a user in client 000 need import role. Am I right?
Question 2)
What if a user in clinet 150 of QA has import role and a user with same name does not exist in client 000? Will import be executed or not?
I searched relevent SAP notes but not information was found.
Thanks
thank you
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Same user ID in Sol Man and client 000 of your target system is what you need. Without it it will not work no matter if you got auth. in any other client.
/cheers
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Christian
Thank you for your renply.
I did investigation by myself and the result is that even no user exists in client 000 of target servers, the following actions still work.
- Create transport request (TR)
- Release TR
- Import to QA
- Import to PRD
Plus, same user exists only in client 100 of DEV. (not in QA or PRD)
And, no authorization role/profile is assigned to the user. (no means really no authorization)
This behavior is totally different from description in SAP IMG note.
Anybody have any information?
Regards
Christian
Thanks.
Let me summaraize our configuration.
SolMan: User ADMIN01 (SAP ALL)
ERP:
DEV 100: User ADMIN01 (No authorization)
QA 150: User ADMIN01 does not exist
PRD 200: User ADMIN01 does not exist
-> due to test enviornment, all 3 clients are created in one ERP instance.
> What auth. does your TMSADM user have?
Our TMSADM has the following profile.
SAP_ALL
SAP_NEW
S_A.TMSADM
Christian
You are right. I removed SAP_ALL, SAP_NEW profile from TMSADM and now logon screen appears when import action is executed.
> TMSADM got appropriate rights everybody is able to import. But this should not be set in a production > environment.
We only allow operator to do import actions. (restrict user ID in condition).
And in DEV system, developers do not have import authorization. (plus project status switch is always on)
I think basically only operator can do import. But Is there any conern I should care?
Regards
User | Count |
---|---|
84 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.