You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To configure user access and permissions, set up role collections for the different roles available for SAP Cloud Transport Management.
After successful subscription, you need to configure user access to the application. You create different role collections for the different SAP Cloud Transport Management roles, and assign roles to the role collections based on the application templates. Afterwards, you assign the role collections to users or user groups.
For the LandscapeOperator and the Viewer roles, SAP Cloud Transport Management delivers the TMS_LandscapeOperator_RC and TMS_Viewer_RC role collections. You don´t need to set up role collections for these two roles.
Note:
It's possible to create new role collections and add the roles to the new role collections directly after creating the collections, which would prevent you from having to switch between different views in SAP BTP cockpit. However, we recommend that you add the roles in the Roles tab of the subscription details. This is useful, because all template roles relevant for the service are displayed there.
The following steps describe the recommended procedure.
Step
Action
More Information
You find the roles delivered for the service in the subscription details on the Roles tab.
To get there, in your subaccount, choose Services > Instances and Subscriptions.
On the Subscriptions tab, in the Cloud Transport Management row, choose (Actions) and Manage Roles.
The default role templates are displayed.
Note:
If you've opened the Roles view of your subaccount by choosing Security > Roles, you see the role templates available for the alm-ts application, which is relevant for the user interface of SAP Cloud Transport Management.
Even though you can set up the role collections in this view, we don't recommend to do this as described previously.
Depending on your entitlements, for example the role templates of the alm-ts-backend or alm-ts-dev applications can also be displayed. It's not necessary to add roles to these applications, because access is enabled using service instances, and the role assignment implicitly happens through the selected instance plan. For more information, see Step 3.3 in the topic Creating a Service Instance and a Service Key.
For more information on the SAP Cloud Transport Management roles, see Security.
Create different role collections for the required SAP Cloud Transport Management roles.
To create a new role collection, in your subaccount, choose Security > Role Collections.
Choose Create.
Enter a name for the new role collection, and choose Create.
The new role collection is added to the list.
Repeat the previous steps to create different role collections for different SAP Cloud Transport Management roles.
For example, you can create a role collection for administration tasks that contains the Administrator role, and a role collection for developers with ExportOperator role.
Assign the different SAP Cloud Transport Management roles to the role collections.
In your subaccount, choose Services > Instances and Subscriptions.
On the Subscriptions tab, in the Cloud Transport Management row, choose (Actions) and Manage Roles.
Go to the Roles tab of the subscription details.
In the row of the template role that you want to add to the role collection, choose ➕.
Select the role collection to which you want to add the role, and choose Add.
The role was added to the role collection.
Repeat the previous steps for all role collections that you've created.
You can create additional roles and add them to role collections, for example, to restrict the authorizations to specific transport nodes only. For more information, see Security under Node-Specific Attributes.
After you've created the role collections and assigned roles to them, assign the role collections to users or user groups.
To do this, choose Security > Role Collections.
Select the required role collection.
Choose Edit.
In the Users tab, select your identity provider and enter the user data as required by your identity provider.
