Skip to Content
avatar image
Former Member

STMS Display Role

Experts,

I have a requirement to build an STMS display only role. Is it possible??

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

8 Answers

  • Best Answer
    avatar image
    Former Member
    Sep 09, 2009 at 06:38 AM

    Yes, it is possible in several ways. If you are not authorised to edit the object S_Transprt in the corresponding role, just make a search via SUIM >Roles > Roles by complex selection criteria-->in the Authorization Object 1, Object field (below)enter S_Transprt and press enter. you will be asked for Request type and activity. Restrict the activity to 03 (which is for display) and execute ,seach for the suitable roles. assign that role to the user.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi,

      It should be in the form user_command_QA_Worklist

      when you use STMS_QA for approving a transport request, we first would have to select if we want to approve as a request owner or as a team leader. A request owner approval would be task 1 as per the authority object and is assigned to all. The team lead approavl is a task 2 approval as per the object and this is given to specific users

  • avatar image
    Former Member
    Jul 29, 2009 at 06:24 AM

    Hi,

    Goto PFCG >authorization tab >stms-->chk for s_transport auth object and click on activity field of that object --> change to display. There will b many options like create,delete,display.select display.

    Thanks.

    krishna.

    Add comment
    10|10000 characters needed characters exceeded

  • Aug 11, 2009 at 07:59 AM

    The first thing that I ask my customer is WHY.

    Next is WHO and then WHY again.

    If they really can give me good answers for why there is need for such a function I can give a go and create such an access.

    In this case it seems that this control have failed.

    I do not see why there should be any need for display rights into STMS.

    If someone needs possibilities to display certain transports I would have granted them access to SE03 instead. Or why not SE09/SE10?

    Access to STMS should be really restricted.

    Regards Fredrik

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      > Access to STMS should be really restricted.

      On the other hand, the STMS can also be started via several reports and remotely via RFC as well... Even is display mode without a very strong authentication in place.

      I prefer the correct authorization to use the STMS in this case, regardless of the transaction access. If the STMS is set up correctly, then it should be fine (protected by client 000 of the domain controller, etc).

      Cheers,

      Julius

  • avatar image
    Former Member
    Jul 28, 2009 at 08:49 PM

    > Is it possible??

    Yes.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 28, 2009 at 09:11 PM

    >

    >Coming to STMS....how do we create one. When i add STMS and S_TRANSPRT ACTVT 03 the user is able to import the transports, change the transports etc.

    Then you should mention this in your question and improve the question - then the answers follow in the same quality.

    Please rephrase and ask the question about exactly where your doubt is after having attempted to do it.

    Cheers,

    JUlius

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hello Julius,

      I tried to create the display role, When i inactivated all the objects expect S_TCODE. The system didnt allow access STMS. When i added S_TRANSPRT object with ACTVT 03 and * for other field values the user was able to pretty much do everything. I didnt know how to restrict. Do we have any other procedure?

  • avatar image
    Former Member
    Jul 29, 2009 at 03:25 AM

    Raghav,

    If you need to restrict STMS Display access to particular usersgroup then you

    can restirct users to STMS display access by Authorization object S_USER_GRP. Here you need to maintain

    activity : 03 (display) & User group in user master maintenance : Particular Usergroup .Then you

    can manually add this object S_USER_GRP in Authorization tab, in change authrization data .

    It will help you to restrict particular group of users for STMS Display access.

    Thanks

    Vikas rana

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      >

      > If you need to restrict STMS Display access to particular usersgroup then you

      > can restirct users to STMS display access by Authorization object S_USER_GRP. Here you need to maintain

      > activity : 03 (display) & User group in user master maintenance : Particular Usergroup .Then you

      > can manually add this object S_USER_GRP in Authorization tab, in change authrization data .

      >

      > It will help you to restrict particular group of users for STMS Display access.

      >

      ?

      How many more of your rediculous answers must I delete before it becomes more efficient to simply delete your user ID from SDN and the OSS systems?

  • avatar image
    Former Member
    Jul 29, 2009 at 07:01 AM

    You need to consider that the STMS is a system and not just a little transaction.

    Underneith it is an RFC system which connects the systems in the transport domain to each other, and depending on which system you are logged onto and what you are attempting to do in the STMS, these checks will not only run against your own user ID but also against the RFC connections for the TMS's own administration and the setup of the support calls to the target systems.

    First of all, which task in the STMS can the user perform successfully which is not only "display"?

    If it is in the Import Queue, then most likely this is faulty config of the TMS when you set it up.

    Please confirm.

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Verify in client 000 that the user TMSADM only has the limited profile it is delivered with --> S:A_TMSADM (or similar).

      From the TMS domain controller client 000 you can also reset the user from transaction STMS via the Extra's menu.

      Note that when logged onto a DEV system for example, and using the import function from the Import Queue to the QAS system for example, the user would be prompted to logon to the QAS system and have the authorization for the import there in QAS, not in the DEV system.

      Also check in SM59 TMSSUP* RFC connections to that system. A user ID should not really be saved in that connection.

      Cheers,

      Julius

  • Mar 24, 2010 at 09:26 AM

    Having 03 actvity in S_TRANSPRT cannot freeze a user to do transport. Restriction to object S_CTS_ADMI is also necessary.

    Pardon my sudden inclusion as I admit I did not went through all the history... 😔

    Not sure if someone already told what I write just now.

    Arpan

    Add comment
    10|10000 characters needed characters exceeded