cancel
Showing results for 
Search instead for 
Did you mean: 

ChaRM import roles (SAP_CHANGEMAN_OPERATOR and SAP_CHANGEMAN_ADMIN)

Former Member
0 Kudos

Dear Gurus.

In the IMG (SOLMAN_CM_IMPT_AUTH), there is a note describing necessary roles for import actions.

-


Add Import Authorization to Operator/Administrator

Use

Change Request Management uses the import functions of the Transport Management System (TMS). The TMS remote infrastructure is based on RFC connections that point solely to the 000 client of a target system. The operator and administrator users need to have import authorization for client 000 of all target systems.

Activities

1. Make sure that the operator and administrator users in client 000 of the target systems have the same name as their user in the Solution Manager system.

2. Assign import authorization to the operator and administrator users in client 000 of the target systems (SAP_CHANGEMAN_OPERATOR and SAP_CHANGEMAN_ADMIN roles).

For more information about import authorizations and the trusted systems concept, see Configuration Guide: SAP Solution Manager 4.0, and the online documentation for Change Request Management.

-


Here I have 2 questions. Assume that I have the following SAP landscape.

DEV QA PRD

100 --> 150 --> 200

Question 1)

Do I need to assign the import role to a user in client 150 of QA in additon to a user in client 000?

I assume that only a user in client 000 need import role. Am I right?

Question 2)

What if a user in clinet 150 of QA has import role and a user with same name does not exist in client 000? Will import be executed or not?

I searched relevent SAP notes but not information was found.

Thanks

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

thank you

Former Member
0 Kudos

Same user ID in Sol Man and client 000 of your target system is what you need. Without it it will not work no matter if you got auth. in any other client.

/cheers

Former Member
0 Kudos

Christian

Thank you for your renply.

I did investigation by myself and the result is that even no user exists in client 000 of target servers, the following actions still work.

- Create transport request (TR)

- Release TR

- Import to QA

- Import to PRD

Plus, same user exists only in client 100 of DEV. (not in QA or PRD)

And, no authorization role/profile is assigned to the user. (no means really no authorization)

This behavior is totally different from description in SAP IMG note.

Anybody have any information?

Regards

Former Member
0 Kudos

What auth. does your TMSADM user have?

If TMSADM got appropriate rights everybody is able to import. But this should not be set in a production environment.

/cheers

Former Member
0 Kudos

Christian

Thanks.

Let me summaraize our configuration.

SolMan: User ADMIN01 (SAP ALL)

ERP:

DEV 100: User ADMIN01 (No authorization)

QA 150: User ADMIN01 does not exist

PRD 200: User ADMIN01 does not exist

-> due to test enviornment, all 3 clients are created in one ERP instance.

> What auth. does your TMSADM user have?

Our TMSADM has the following profile.

SAP_ALL

SAP_NEW

S_A.TMSADM

Former Member
0 Kudos

Christian

You are right. I removed SAP_ALL, SAP_NEW profile from TMSADM and now logon screen appears when import action is executed.

> TMSADM got appropriate rights everybody is able to import. But this should not be set in a production > environment.

We only allow operator to do import actions. (restrict user ID in condition).

And in DEV system, developers do not have import authorization. (plus project status switch is always on)

I think basically only operator can do import. But Is there any conern I should care?

Regards