02-25-2010 11:44 AM
Hello Gurus,
The tcode SU25 has been executed one of our contractors in Development system (ECC 6.0). He executed the following steps:
1. step 2B. compare affected transactions
2. step 2C. Roles to be checked
3. Check indicator (Transaction SU24)
I want to know the consequences of running SU25 in Dev whether it will affect any available custom roles in dev system.
Please advise..
Regards,
Salman
02-25-2010 1:30 PM
It depends. What did the person actually do in the steps?
SU25 shows you the date/time/user of the step being started, only.
I would just look in SE03 for the transport request and take a look in it to see what was done (if anything at all).
Then check the USOBX_CD abd USOBT_CD tables for any changes (if anything at all).
Cheers,
Julius
02-25-2010 1:30 PM
It depends. What did the person actually do in the steps?
SU25 shows you the date/time/user of the step being started, only.
I would just look in SE03 for the transport request and take a look in it to see what was done (if anything at all).
Then check the USOBX_CD abd USOBT_CD tables for any changes (if anything at all).
Cheers,
Julius
02-25-2010 5:03 PM
1. Align your SU24 tables with the correct check indicator defaults as suggested by SAP. You have the option to accept or reject a change. This will also make sure that when you add any transaction to roles, it will add the correct values for the authorization objects
2. Make sure all your new roles have picked up the new values for the new/old authorization objects. If you do not complete this step, all the roles will show up red if you have updated the check indicator defaults.
Any administator who has done security for a while will tell you that testing will not necessarily catch all problems. If you are proactive, you can catch most of the problems in the dev system where the change can be done directly and transported
Thanks,
Prasant
02-26-2010 7:10 AM
Hello Julius and Prashant,
1.I checked in SE03, there is no request relating to this. Nothing has been released from dev.
2.I checked in USOBX tables. No new entries are present.
3.Only Derived roles became red and the Master roles are perfectly fine.(green).
4. I adjusted the derived roles by running the catt script.
Please let me know if I need to check anything else.. Thank you very much for your advise.
Regards,
Salman
02-26-2010 9:34 AM
There is also a table I think it is AGR_FLAGS. This table will marke the role with an X which is effected I think.
I would generate one of the effected roles and see what the damage is. One could generate a role and than compare from test/production to see if there have been any changes to the role. If there is no change one could manually regenerate the roles.
We had a similar problem in one of our sandboxes but than there was only step 2B which was executed....
Thanks,
CP
Edited by: chinmaya prakash on Feb 26, 2010 10:35 AM
Edited by: chinmaya prakash on Feb 26, 2010 10:40 AM