Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Upgrade 4.5b to ECC6

Former Member

‎07-20-2006 5:14 PM

0 Kudos

Guru's,

Can you advise (I have moved this from a different forum - if its in the wrong place, please let me know).

We are currently in the process of upgrading our R/3 SAP system from 4.5 to ERP 2005 - ECC6 (we are also upgrading HR (4.6) & Retail (4.7) onto the same instance). I've been charged with looking after the SAP Security side of things and, if possible, would like to ask you if you have any experience with ERP 2005 and your opinion/views on the following two questions;

what are the benefits of ERP ECC6 to SAP Security (Pro's & con's)?

What are the main pitfalls I should watch out for in the upgrade? currently we use Activity groups in R/3 and Job roles in Retail and HR.

Any advice/tips - greatly appreciated.

Thanks

alan

1 REPLY 1

fredrik_borlie
Contributor

‎01-15-2007 5:04 PM

0 Kudos

Hi, maybe late to answer your question, but others might have use of this information.

Technical wise there are not so many changes to the R/3 application (even if it changes its name). Roughly the same transactions are in use and the same objects as well.

We did an upgrade from 4.5b to 4.7 and these were our pitfalls.

  • Change in core to check for the exact buffer content.

This means that you will get cases where users had 2 (or more) roles which combined gave higher authorization, but with WebAS 6 and higher the authorization check is performed for the exact authorizations. No more combination errors!!

  • change in SU01 so you cannot assign generated profiles directly to the user. You have to assign the role and let the system assign the profile.

(also some bugs where this assignment got lost and even if the user had the role they did not have the profile. Solved by a support package)

  • lots of new N-transactions. For example, ME21 got a facelift and ME21N was born. Lots of work to track down all N-transactions to add them to the roles.

And we also got a new present. New buffering. Which means that when you assign a role to a user, he/she does not have to log out and back in again. The user buffer is recalculated upon every entry to the S000-screen.

Best regards

Fredrik