Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Tcode SU25 has been executed in Dev

Go to solution
former_member275658
Contributor

‎02-25-2010 11:44 AM

0 Kudos

Hello Gurus,

The tcode SU25 has been executed one of our contractors in Development system (ECC 6.0). He executed the following steps:

1. step 2B. compare affected transactions

2. step 2C. Roles to be checked

3. Check indicator (Transaction SU24)

I want to know the consequences of running SU25 in Dev whether it will affect any available custom roles in dev system.

Please advise..

Regards,

Salman

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎02-25-2010 1:30 PM

0 Kudos

It depends. What did the person actually do in the steps?

SU25 shows you the date/time/user of the step being started, only.

I would just look in SE03 for the transport request and take a look in it to see what was done (if anything at all).

Then check the USOBX_CD abd USOBT_CD tables for any changes (if anything at all).

Cheers,

Julius

4 REPLIES 4

Go to solution
Former Member

‎02-25-2010 1:30 PM

0 Kudos

It depends. What did the person actually do in the steps?

SU25 shows you the date/time/user of the step being started, only.

I would just look in SE03 for the transport request and take a look in it to see what was done (if anything at all).

Then check the USOBX_CD abd USOBT_CD tables for any changes (if anything at all).

Cheers,

Julius

Go to solution
Former Member

‎02-25-2010 5:03 PM

0 Kudos

1. Align your SU24 tables with the correct check indicator defaults as suggested by SAP. You have the option to accept or reject a change. This will also make sure that when you add any transaction to roles, it will add the correct values for the authorization objects

2. Make sure all your new roles have picked up the new values for the new/old authorization objects. If you do not complete this step, all the roles will show up red if you have updated the check indicator defaults.

Any administator who has done security for a while will tell you that testing will not necessarily catch all problems. If you are proactive, you can catch most of the problems in the dev system where the change can be done directly and transported

Thanks,

Prasant

Go to solution
former_member275658
Contributor

‎02-26-2010 7:10 AM

0 Kudos

Hello Julius and Prashant,

1.I checked in SE03, there is no request relating to this. Nothing has been released from dev.

2.I checked in USOBX tables. No new entries are present.

3.Only Derived roles became red and the Master roles are perfectly fine.(green).

4. I adjusted the derived roles by running the catt script.

Please let me know if I need to check anything else.. Thank you very much for your advise.

Regards,

Salman

Go to solution
Former Member
In response to former_member275658

‎02-26-2010 9:34 AM

0 Kudos

There is also a table I think it is AGR_FLAGS. This table will marke the role with an X which is effected I think.

I would generate one of the effected roles and see what the damage is. One could generate a role and than compare from test/production to see if there have been any changes to the role. If there is no change one could manually regenerate the roles.

We had a similar problem in one of our sandboxes but than there was only step 2B which was executed....

Thanks,

CP

Edited by: chinmaya prakash on Feb 26, 2010 10:35 AM

Edited by: chinmaya prakash on Feb 26, 2010 10:40 AM