12-02-2010 1:02 PM
Hi,
Need your help.
I need to resist access to import CTS to only Quality box and restrict import access to Production box.
Means user have access to STMS, however they can import only to quality box.
Is it possible?
Regards,
Surpreet
12-02-2010 1:09 PM
Hi Surpreet,
Yes. The solution is simple. Remove IMPA and IMPT under S_CTS_ADMI from the role that you assign and also Import activity from S_TRANSPRT.
This will remove the option to import transport requests in the production box.
However, you will have to assign a role with these authorizations in Quality box.
Hope this helps!!
Best Regards,
Raghu
12-02-2010 1:09 PM
Hi Surpreet,
Yes. The solution is simple. Remove IMPA and IMPT under S_CTS_ADMI from the role that you assign and also Import activity from S_TRANSPRT.
This will remove the option to import transport requests in the production box.
However, you will have to assign a role with these authorizations in Quality box.
Hope this helps!!
Best Regards,
Raghu
12-02-2010 1:11 PM
Just restrict the permissions on your production system..
Kind regards,
Mark
12-02-2010 1:16 PM
Sorry, I think, i didn't explained it well.
Dev box is my domain box and from Dev box CTS are imported to Quality and production.
now in dev box i want to restrict user access to import CTS only to Quality box.
regards,
Surpreet
12-02-2010 1:27 PM
Hi,
If you wish to restrict in production, you can change the setting in SCC4 for that client. Use No transport allowed option.
However, let us know the process that you are following? Are you transporting using a script or at the OS level? If yes, it is not possible to restrict at the authorization level.
Rgds,
Raghu
12-02-2010 1:30 PM
Hi Raghu,
After releasing CTS in DEV box, I open STMS in DEV, then click on the QAS box and select the CTS which needs to be imported into QAS.
And similarly later do this for PRD.
Now i want to restrict second part i.e. import to PRD.
Please advice.
Regards,
Surpreet
12-02-2010 1:42 PM
Hi Surpreet,
There is no other option except restricting at the client properties as per my knowledge.
Regards,
Raghu
12-02-2010 9:13 PM
Lets take a closer look... as you seem to be describing a missing feature or check (initially I thought you where asking a "how to" question without having read the documentation on the STMS).
If you do read the documentation then it will mention that critical tasks performed should not be within the (standard and restricted) authorizations of the TMSADM user in client 000, which will then call destination TMSSUP@domain and will prompt you for a user ID and PWD in the target system (DEV and PROD).
Check your config and authorizations of the TMSADM user - this is most likely the cause. You should also consider moving the domain controller to PROD...
Cheers,
Julius
12-03-2010 4:43 PM
HI Surpreet,
Even if you use dev as the domain controller, I believe you would still need to authenticate with a production user-id with enough authorizations to import the request. So restricting access for the user id in production should solve the problem.
I would think as long as u restrict S_TRANSPRT activitues 43 and 60, it should do the job for you.
Regards,
Chinmaya
12-07-2010 11:12 AM
Hi Supreet,
After releasing CTS in DEV box, I open STMS in DEV, then click on the QAS box and select the CTS which needs to be imported into QAS.
And similarly later do this for PRD.
Now i want to restrict second part i.e. import to PRD.
I found many people give you correct direction i.e. restrict user in production system. In production system user should not have authorization to import via object S_CTS_ADMI. Restricting only this object will serve the purpose.
Regards,
Arpan Paik
12-04-2010 4:36 AM
Regardless of your domain controller (where it sits), you should check your TMSADM user configuration. Explore RFC configuration options.
Once you set the configuration correctly forcing user to use there user id and password while going in to production via DEV domain controller, you can than utilize authorization to user id to restrict user to import in to Prod.
12-06-2010 9:53 PM
Surpreet,
When a user is logged in to the domain controller and attempting to transport to another system a logon to the target system is required. The account in the target system is checked for authorization. If proper authorization is not present in the target system the transport cannot be completed. You can limit the access in the target system as described in posts above.
12-08-2010 7:51 AM
Hi,
Thanks all.
Didn't got time to check this functionality.
Sorry....... for late reply. Will get back after testing.
Regards,
Surpreet