/
Which authorities are needed? Especially in SAP Solution Manager?

Which authorities are needed? Especially in SAP Solution Manager?

Are you wondering which authorities are needed?

In general all communications from Jira to SAP are getting tunneled thru SAP Solution Manager using a technical communication user. This user just need to have some little authorities to be used during odate calls of CC5.

All activities executed in managed system are executed using the TMW RFC destination of ChaRM/LMDB. All TMW RFC destination are getting created and updated by SOLMAN_SETUP during managed system configuration. Usually this TMW user does have all needed authorities. Only the import authorities might be missing. This issue is described in an other article.

If you want to execute transport activities in the SAP Solution Manager system + client itself, you might face authority issues. This is caused by the CTS framework which is automatically switching to RFC destination NONE if target system and client are equal to the current system and client. If you are facing such issues, you have to add to the communication user all authorities already assigned to the TMW user, including the import authorities.

Since CC5 version 2.2 we are forcing the use of the proper rfc destination for import activities. That means the technical CC5 user will not need import authorities anymore, even if you want to perform an import to the SAP Solution Manager itself. However for managing and reading transport requests, you might still need to add additional authorities, but only if you want to build transport requests in your SAP Solution Manager system where CC5 is productifely running. This will not be the case for common landscapes where CC5 is running in the productive SAP Solution Manager instance and transport requests are getting created in the development instance.

Please note that this article applies to the SAP Solution Manager use case. The domain controller use case is using different rfc destinations described in the configuration guide. The notes for the special case with rfc destination of the system & client where CC5 is running, is true here as well. In some circumstances you might have to add some authorities to the technical CC5 user if you are facing issues on managing transport requests in your domain controller system & client.

If you want to use Trusted Destination instead of TMW destination for security reasons, you cannot switch it currently. This option is not supported yet but planned as future improvement. Please create an improvement request if needed. Please keep in mind that if you want to use Trusted Destination, you have to create your technical sync user in your managed systems with proper authorities including S_RFCACL and S_RFC.