CTS+ Configuration for SAP PI Single Stack (AEX/PO) For DUMMIES! Part 1

Many a times blogs are an outcome of what difficulties what one might have gone through to accomplish this. Thanks to Devendra that he has single blog on Web which helps SAPians to do CTS+ configuration for single stack SAP PI. Being a “dummy” to the world of SOLMAN, CTS and SAP PI, I faced numerous challenges and twists. This for people who are starters in this area and often lack instant support from securities and basis team. CTS+ Configuration for SAP PO made simpler for you

1. User Creation (In SOLMAN Default client)

1.1 Create service user CTSSRVUSER in Solution manager default client (001 in my case)

    This user will be used to export the objects from DEV to import queues of target in SOLMAN.

    a. Go to Tcode – SU01 -> type the username -> click create

b. Give the details of user and set the password. Go to roles and assign following roles to it

Standard role- SAP_CTS_PLUS

Custom role – Z_CTS_PLUS_ADDITIONAL (This need to be created)

c. Click save and ignore the warning Role Z_CTS_PLUS_ADDITIONAL does not exist

1.2 Now we need to create the custom role Z_CTS_PLUS_ADDITIONAL.

a. Go to tcode -> PFCG

b. Type the name of the role and click Single Role

c. Click the Authorization tab->  In the section Information about Authorization Profile click on Propose Profile Names

d. Click the Authorization tab->  In the section Information about Authorization Profile click on Propose Profile Names

e. Once done-> click on Change Authorization Data

f. Click Manual entry of authorization objects -> Enter authorization objects as shown and click continue

1. S_ICF
2. S_RFC
3. S_CTS_ADMI
4. S_DATASET
5. S_TRANSPRT

g. Expand the Tree and enter the following in the given areas

              Authorization Check for ICF Access (object: S_ICF):

• ICF_FIELD: DEST, PROXY, SERVICE
• ICF_VALUE: * (Type * in the FROM column or Click Full Authorization)

Authorization Check for RFC Access (object: S_RFC):

• ACTIVITY: 16
• RFC_NAME: CTS_WBO_DIS, EPSF, RFC1, SDIFRUNTIME, STPA, SYST, SYSU
  • In the other blogs SYSU is not mentioned. There can be an error- RFC_NO_AUTHORITY for CTSSRVUSER, as it tries calling a function module SYSTEM_RESET_RFC_SERVER (can be seen in ST22 dumps). To prevent this add SYSU function Group
• RFC_TYPE: FUGR

              Administration Functions in the Change and Transport System (object: S_CTS_ADMI):

• CTS_ADMFCT: EPS1, EPS2

              Authorization for file access (object: S_DATASET):

• ACTVT: 06, 33, 34, A6, A7
• FILENAME: *
• PROGRAM: CL_CTS_ASSIST_BROWSER=========CP, SAPLEPSF, SAPLSCTS_EXE_FILE, SAPLSCTS_RELEASE, SAPLSLOG, SAPLSTFI, SAPLSTPA, SAPLSTPP, SAPLSTRF, SAPLTMSM, SAPLTMS

              Transport Organizer (object: S_TRANSPRT):

• ACTVT: 01, 02, 03, 05, 06, 23, 43, 50, 60, 65, 75, 78, 90 (80 should not be selected)
• TTYPE: CUST, DTRA, PIEC, TRAN

          h. Save once done and click Generate. The role is now created and the Service user is ready

    2.1.  Create Technical User NWDI_CTSADM in PI QAS and PRD environment

              This user will be  logging in the PO Quality/Prod [TARGET] and transport objects to target

                  a.  Login to Netweaver Administrator (NWA-> http://<host>:<port>/nwa) -> Configuration-> Identity Management

                    b.  Click Create User

              c.  Assign the following roles to the user and save.

                        SAP_XI_CMS_SERV_USER

                        SAP_XI_DEVELOPER_J2EE

                        SAP_XI_CONFIGURATOR_J2EE

For transporting SLD objects also have a seperate user with SLD role or assign to same user. I have created SLD_CTSADM user in Quality system for SLD transports.

Now we are done with the per-requisites to proceed with TMS configuration. In the part 2, we will proceed with TMS configuration. You can go to part 2 from the below link-

CTS+ Configuration for SAP PI Single Stack (AEX/PO) For DUMMIES! Part 2