Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Deactivation of new objects during upgrade

Former Member

‎04-17-2010 6:13 AM

0 Kudos

Hello Gurus,

Iam working on a upgrade project 4.6C to ECC 6.0 , i had completed till SU25 2(B) activity.

I had executed su25 2(C) step and adjustd few roles, but there were few new objects coming in i was able to get values for FI and MM objects from respective functionals.

But HR guys are not able to provide values for the new objects, new objects are like p_pernr , P_origin e.t.c

My questions is, if i deactivate these new objects will there be any authorization issue , the transactions which are working in R3 will work properly or will there be any issue ?

2. Also please let me know, what are precuationary measures to be taken before adjustintg the new transactions in SU25 2(D) step.

Thanks,

Sanketh.

9 REPLIES 9

Former Member

‎04-17-2010 8:20 AM

0 Kudos

Hi,

The objects P_PERNR, P_ORGIN doesn't have any additional fields included in ecc6.0. You can see the objects which are changed in the new upgrade from profile SAP_NEW. You need to make sure these objects are updated properly with new fields in the present roles.

Its a good idea to do a proper testing in dev/qas to see how the roles are working.

Step 2(d) gives new transactions which are introduced in ECC 6.0, you can ask your client to start using new transactions like SE16n, ME21N and etc.

If they prefer to use them, then you can adjust the roles as per the requirements.

Regards,

Gowrinadh

Former Member

‎04-17-2010 9:08 AM

0 Kudos

The risk is only that a new tcode might only check this new object, or an old tcode might no longer check the old object at some point.

In both cases, all users have full authorizations for all activities, as there are no checks.

If you must, then rather give full authorization with plausible activities and org. levels as a "quick & dirty" solution, and then retro-fit the new object when you have time.

Cheers,

Julius

ps: I am refering to global deactivation - but anyway... You cannot deactivate basis and HR objects in the applications.

Edited by: Julius Bussche on Apr 17, 2010 12:57 PM

Former Member
In response to Former Member

‎04-20-2010 8:04 AM

0 Kudos

Thanks for the reply,

Instead of globaly deactivating the object, what happens if the new objects such as P_pernr or P_origin is deactivated ina role.

will there be an authorization issue, or the transactions which are working fine R3 will work as usual in ECC or beacuse of these new checks will there be any issue ?

I had another doubt regarding the authorization object:

1.

How to find out the list of affected authorization objects during upgrade, I mean how to find out the list of changes to core authorization object .( such as if any new fields are added/deleted to the authorization object).

2. Are Z transactions affected during upgrade ?

Thanks,

sanketh.

Former Member
In response to Former Member

‎04-20-2010 8:33 AM

0 Kudos

Hi,

Yes, you can deactivate the object in the role. However it is better to make a quick check on roles. All the objects changed can be found in profile SAP_NEW. Open the profile which suits your present basis version.

Z transactions are affected if they use the authorization objects which are changed in new release and at the same time, if you run SU25 with out making proper preparations.

Regards,

Gowrinadh

Former Member
In response to Former Member

‎04-20-2010 8:54 AM

0 Kudos

Thanks Gowri,

I had checked the SAP_NEW profile with the corresponding basis release , i had found only 3 authorization objects

F_ITTC_BUK

F_KKWLIORG

R_UC_SE

and I had checked in SUIM in executable transactions for authorization , no transaction has come up with these authorizations.

Are these only the authorization objects affected during the upgrade ?

Or is there any way other than this to find out the list of authorization objects whcih are changed during upgrade ( such as adding/deleting few fields in auth objects).

Also please let me know what are the possible preperations before performing Su25 activity, I already performed this activity, just want to check whether i have followed all precautions are not.

Thanks,

Sanketh.

Edited by: Sanketh Teegala on Apr 20, 2010 9:58 AM

Former Member
In response to Former Member

‎04-20-2010 10:56 AM

0 Kudos

What is the basis version you are now.

I have checked profile S_NEW_7000,and S_NEW_6400 both has many objects than what you said.

For upgrade preparations in SU25, look for the thread in top of security forum. We have lot of useful collection there.

Regards,

Gowrinadh

Former Member
In response to Former Member

‎04-20-2010 11:49 AM

0 Kudos

We have upgraded from 4.6c to ECC 6.0 and basis version is S_new_701.

I think the objects which are present in S_new_701 are only the new objects affected during upgrade or we should consider all the profiles from S_new 470 to Snew_701 as the affected objects list during this upgrade.

THanks,

Sanketh.

Former Member
In response to Former Member

‎04-20-2010 12:04 PM

0 Kudos

Hi,

if you regenerate sap_all, it will by default include all the objects necessary from sap_new. Once the successful generation, you can see the list of roles affected while running the steps from SU25. You will have all the list of roles "to be changed or affected" .

Hence when you see the new objects (or the new entries of same object , this can be deactivated in the role) maintain them as required.

Regards,

Gowrinadh

Former Member

‎05-28-2010 5:24 AM

0 Kudos

thanks.