
TDMS and the types of users and roles

Former Member

Hello,

I read the TDMS Security Guide on SAP Marketplace. For simplicity, I understand that there are several composite roles delivered, for example:
SAP_TDMS_MASTER_CR
SAP_TDMS_BUSINESS_EXPERT
SAP_TDMS_TECH_EXECUTION_EXPERT
SAP_TDMS_TECH_EXECUTION_USER
SAP_TDMS_RFC_USER_700_CR   (assuming the remote system is on SAP NW 7.0 and above)
and the user actions applicable for TDMS control centre, remote system, scrambling, HCM, BPL.

I am rather confused about:

(a) What type of users (RFC and/or dialog) are needed for the various systems (sender, control, receiver)? My understanding is that I need to create RFC and dialog users for the 3 systems (sender, control, receiver), but what kind of roles/composite roles need to be granted (minimally) to all these user accounts?

(b) Extending further, what type of users, at which system (sender, control or receiver), and which roles are needed to use the tool for extracting HCM data, scrambling and BPL?

Thank you and regards,
Kir Chern, Loh

Accepted Solutions (1)


bxiv
Active Contributor

In my environment we set up a dedicated tdms account in sender/receiver/control, and set them to system accounts (SAP TDMS10 recommends Communication type accounts); and due to only having two security folks for my company they got the go ahead to place sap_all for the tdms account.

I use the dedicated tdms account as much as I can to make the process consistent and easy to remember, but your environment may have other restrictions/rules.

I don't think anything special is needed for BPL except for rights on the TDMS control/command system(s).

Data scrambling requires similar rights on the control/command system(s).

HCM will require rights in the HCM system to review data for the package.

Answers (1)


Former Member

Hello Kir Chern,

Here are the answers:

1. For all three systems (central, sender and receiver) you need RFC users with the role SAP_TDMS_RFC_USER_700_CR assigned. A dialog user is required only for the central system. You need to assign the role SAP_TDMS_MASTER_CR to the dialog user for the central system.

2. The roles mentioned above are enough for executing any package like BPL, scrambling, HCM etc. The HCM package activities will take care of restricting access to sensitive data; that means while executing the HCM package you will be asked to activate more logon switch.

Hope it helps.

Thanks,

Anita
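
One way to check a landscape against the minimum assignments described in the reply above, as an added example that is not part of the original thread or of SAP's tooling. The CSV layout, the user names, the user-type labels and the function name `audit` are constructed for illustration; the export would have to be produced from each system's user administration.

```python
import csv
import io

# Baseline from the reply above: an RFC user with SAP_TDMS_RFC_USER_700_CR on
# every system; a dialog user with SAP_TDMS_MASTER_CR on the central system only.
RFC_ROLE, MASTER_ROLE = "SAP_TDMS_RFC_USER_700_CR", "SAP_TDMS_MASTER_CR"
NON_DIALOG = {"system", "communication"}  # types accepted for RFC users (assumption)

# Constructed sample export: one row per user, assignments separated by "|".
SAMPLE = """system,user,type,assignments
central,TDMS_RFC,communication,SAP_TDMS_RFC_USER_700_CR
central,TDMS_ADMIN,dialog,SAP_TDMS_MASTER_CR
sender,TDMS_RFC,system,SAP_ALL
receiver,TDMS_RFC,communication,SAP_TDMS_RFC_USER_700_CR
receiver,TDMS_ADMIN,dialog,SAP_TDMS_MASTER_CR
"""

def audit(export_text):
    """Return (location, issue) pairs where the export departs from the baseline."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    findings = []
    for r in rows:
        r["roles"] = set(filter(None, r["assignments"].split("|")))
        where = f'{r["system"]}/{r["user"]}'
        if "SAP_ALL" in r["roles"]:
            findings.append((where, "broad profile SAP_ALL assigned"))
        if r["type"] == "dialog" and r["system"] != "central" and MASTER_ROLE in r["roles"]:
            findings.append((where, "dialog TDMS user outside central system"))
        if r["type"] == "dialog" and RFC_ROLE in r["roles"]:
            findings.append((where, "RFC role on a dialog user"))
    # Coverage: every system needs a non-dialog user that holds the RFC role.
    for system in ("central", "sender", "receiver"):
        if not any(r["system"] == system and r["type"] in NON_DIALOG
                   and RFC_ROLE in r["roles"] for r in rows):
            findings.append((system, f"no non-dialog user holds {RFC_ROLE}"))
    if not any(r["system"] == "central" and r["type"] == "dialog"
               and MASTER_ROLE in r["roles"] for r in rows):
        findings.append(("central", f"no dialog user holds {MASTER_ROLE}"))
    return findings

if __name__ == "__main__":
    for where, issue in audit(SAMPLE):
        print(f"{where}: {issue}")
```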