Authority Check on Execution of Task List Tasks

All transport activities performed by a Change Request Management action, by the IT Operator or by batch jobs are tunneled thru the task list. For every transport activity there exist a specialized task in the task list on header, footer or system role level.

For some of these tasks an authority check is performed on execution, for some not.

Why???

For some of these tasks an authority check against following authority objects will be performed on task execution:

  • /TMWFLOW/H Change Request Management: Task in Header
  • /TMWFLOW/D Change Request Management: Task in Development Systems
  • /TMWFLOW/O Change Request Management: Task in Follow-On Systems
  • /TMWFLOW/P Change Request Management: Task in Production Systems
  • /TMWFLOW/R Change Request Management: Task in Retrofit Systems
  • /TMWFLOW/S Change Request Management: Task in Single Systems
  • /TMWFLOW/F Change Request Management: Task in Footer

However, only following tasks are checked by SAP standard (SM 7.1 SP 11):

  • 1000 REQUEST_CREATE /TMWFLOW/SCMA_TRORDER_CREATE
  • 1500 REQUEST_DECOUPLE /TMWFLOW/SCMA_TRORDER_DECOUPLE
  • 1600 REQUEST_ASSIGN /TMWFLOW/SCMA_TRORDER_ASSIGN
  • 1700 REASSIGN_CHANGE /TMWFLOW/SCMA_REASSIGN_CHANGE
  • 1900 REQUEST_REASSIGN /TMWFLOW/SCMA_TRORDER_REASSIGN
  • 2000 TASK_CREATE /TMWFLOW/SCMA_TRTASKS_CREATE
  • 3000 REQUEST_RELEASE /TMWFLOW/SCMA_TRORDER_RELEASE
  • 4000 REQUEST_IMPORT /TMWFLOW/SCMA_TRORDER_IMPORT
  • 5000 CRIT_OBJ_APPROVE /TMWFLOW/SCMA_CRIT_OBJ_APPR
  • 6000 UC_IN_OTHER_SYSTEMS /TMWFLOW/SCMA_TRIMP_SYNC_TEST
  • 7000 LOGON /TMWFLOW/SCMA_RSRLOGIN
  • 8000 CTS_PROJECT_RELEASE /TMWFLOW/SCMA_CTS_RELEASE
  • 9000 QUEUE_PREPARATION /TMWFLOW/SCMA_QUEUE_PREPARE
  • 9100 QUEUE_IMPORT /TMWFLOW/SCMA_QUEUE_IMPORT

Because of technical/historical reasons, the checks for 1700, 1900 5000 are done against /TMWFLOW/D instead of /TMWFLOW/H. Maybe this will be changed in SAP Solution Manager 7.2 and that is why there already exist the not used authority objects /TMWFLOW/H and /TMWFLOW/F.

What to do if we want to have authority checks for other SAP standard tasks or for customer specific tasks?

  1. Maintain table /TMWFLOW/TSKPRGC (Mapping of task report name to task id). The id should be the same as the id used in task list definition. This customizing alignment is not obligatory but would be nice.
  2. Maintain table /TMWFLOW/AUTTSKC (Extend value help for field /TMWFLOW/T of the mentioned authority objects). The description of the task should be equal to the task list definition. This customizing alignment is not obligatory but would be nice.
  3. If the task is defined on header or footer level, you might need to do a modification to map it to /TMWFLOW/D. The authority check is always done using function module /TMWFLOW/TASKLIST_AUTH_CHECK. This function module is called at line 559+ of /TMWFLOW/TASK_START1 and line 222+ of IF_EX_SCMA_TREE_STATUS~ACTION_ALLOWED of class /TMWFLOW/CL_IM_SCMA_STATUS. At these code sections, you will find the mentioned system role mapping. Maybe a better place to do the mapping by enhancement instead of modification is at the beginning of function module /TMWFLOW/TASKLIST_AUTH_CHECK.

Additionally to these authority checks, function module /TMWFLOW/TASKLIST_AUTH_CHECK is also checking B_SMAN_WPL and /TMWFLOW/M on opening of task list or on changing phases. Therefore please ensure to add these authorities to your PFCG roles if needed.

In case you want to add authority checks for SAP standard tasks, you should use following task ids since these IDs are already hard coded in class interface /TMWFLOW/CL_CS_TL_TASK:

  • 1800 IGNORE_DGP_CONF /TMWFLOW/SCMA_IGNORE_DGP_CONF
  • 2100 REQUEST_DELETE /TMWFLOW/SCMA_TRORDER_CLEAR
  • 2200 REPAIR_IMPORT_FLAG /TMWFLOW/SCMA_SET_REPAIR_FLAG
  • 3100 CLUSTER_RELEASE
  • 3200 CLUSTER_IMPORT
  • 4100 PRELIMNRY_IMPORT /TMWFLOW/SCMA_PRELIMNRY_IMPORT