Risk: Is it a risk when a user can access Transport Management System?

0 Kudos

Hello together

I have a question regarding transports and risk.

Is it a risk when a user can access the STMS Transport Management System as well as the STMS_Import TMS Import queue? Or does the user actually need other rights for really performing a transport?

Thank you for your help and input.
Mike

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Mike,

Yes, it is a risk; the user shouldn't have STMS_import. The basis team will have this authorization.

Regards.

Visu

Former Member
0 Kudos

Then who will have stms, not basis team?

Former Member
0 Kudos

_________________________

PS: Is it an interview question? If so, please do not post here.

0 Kudos

No, it's a question that I face in the Business, therefore an answer would be appreciated.

Former Member
0 Kudos

> Having STMS & STMS_IMPORT is not a risk.

If STMS is given with any of the Development activities/Security activities/Create transport requests it would be a risk.

>> STMS_IMPORT is more than enough, if they are working only with import requests.

Best Regards,

Rama

0 Kudos

Thank you for your response.

Can you verify that I understand you correctly? It would be a risk when a user also has access to the transaction SE09 - the Transport Organizer? However, the transaction STMS_import itself is not a risk?

Former Member
0 Kudos


Yes, if STMS or STMS_IMPORT is combined with any of them, it would be a risk.

0 Kudos

It is a risk because the user would be able to create his own request (SE09) and transport (STMS or STMS_Import) into the productive system. Is this assumption correct?

Former Member
0 Kudos

Yes, exactly, your assumption is correct.

Colleen
Advisor
0 Kudos

Hi Mike

What type of access do you mean here - display, modify, release, etc.?

The transaction codes are further controlled by objects such as S_TRANSPRT and S_CTS_ADMI. You could allow users the access to see the queue but not actually import the change.

I have worked in a situation where I had transport create and release from dev. I then had STMS access to import my change to QA. However, I wasn't allowed to import to Pre-Prod or Prod. STMS can also add approval steps to segregate the access.

These options depend on change and release processes for your site.

Most transport import is reserved as a Basis activity. A benefit here is to have a team responsible for verifying sequencing and transport dependencies to avoid configuration corruption, etc.

As a note, SE* transactions are not the only place to create a transport.

former_member80258
Participant
0 Kudos

Hi Colleen

That information is what I need!!!!

Erick Verbena

PROLAMSA/AXIS
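
The distinction drawn in this thread (transaction access alone versus the combination of transport creation and import rights) can be checked over an authorization export. The following is an added example, not code from any of the posters: the user names, the export layout and the result labels are constructed, and the field values used (ACTVT 01/43 for create/release, CTS_ADMFCT IMPA/IMPS for import) are not stated in the thread. It tests the authorization objects rather than SE* transaction codes, since those are not the only place to create a transport.

```python
# Constructed sample: one row per authorization instance held by a user,
# as (user, authorization object, {field: set of values}).
SAMPLE_AUTHS = [
    ("DEV_ANNA",  "S_TCODE",    {"TCD": {"SE09", "STMS_IMPORT"}}),
    ("DEV_ANNA",  "S_TRANSPRT", {"ACTVT": {"01", "02", "43"}, "TTYPE": {"*"}}),
    ("DEV_ANNA",  "S_CTS_ADMI", {"CTS_ADMFCT": {"IMPS"}}),
    ("BASIS_BOB", "S_TCODE",    {"TCD": {"STMS", "STMS_IMPORT"}}),
    ("BASIS_BOB", "S_TRANSPRT", {"ACTVT": {"03"}, "TTYPE": {"*"}}),
    ("BASIS_BOB", "S_CTS_ADMI", {"CTS_ADMFCT": {"*"}}),
    ("AUDIT_CAT", "S_TCODE",    {"TCD": {"STMS", "STMS_IMPORT"}}),
    ("AUDIT_CAT", "S_TRANSPRT", {"ACTVT": {"03"}, "TTYPE": {"*"}}),
]

CREATE_RELEASE = {"01", "43"}     # S_TRANSPRT ACTVT: create, release
IMPORT_FUNCS = {"IMPA", "IMPS"}   # S_CTS_ADMI CTS_ADMFCT: import all / single
TMS_TCODES = {"STMS", "STMS_IMPORT"}


def grants(values, wanted):
    """True if the field values cover any wanted value ('*' covers all)."""
    return "*" in values or bool(values & wanted)


def classify(auths):
    """Return {user: label} describing each user's transport capability."""
    users = {}
    for user, obj, fields in auths:
        caps = users.setdefault(user, {"tcode": False, "create": False, "import": False})
        if obj == "S_TCODE":
            caps["tcode"] |= grants(fields.get("TCD", set()), TMS_TCODES)
        elif obj == "S_TRANSPRT":
            caps["create"] |= grants(fields.get("ACTVT", set()), CREATE_RELEASE)
        elif obj == "S_CTS_ADMI":
            caps["import"] |= grants(fields.get("CTS_ADMFCT", set()), IMPORT_FUNCS)

    report = {}
    for user, caps in users.items():
        if caps["create"] and caps["import"]:
            report[user] = "SOD_CONFLICT"        # can create/release and import
        elif caps["import"]:
            report[user] = "IMPORT_ONLY"         # typical Basis profile
        elif caps["tcode"]:
            report[user] = "QUEUE_DISPLAY_ONLY"  # sees the queue, cannot import
        else:
            report[user] = "NO_IMPORT_PATH"
    return report
```

Run it per system: a user may hold import rights in QA but not in production, as in the answer above.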