Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Roles with missing filed values after re-generation

Former Member

‎01-19-2011 1:36 PM

0 Kudos

Hi Experts,

I came across an interesting case in my current upgrade project.

Few roles, changed/generated in DEV(ECC 6.0 Version) system, are missing field values for some authorization objects which were present in role earlier. This I got to know when I compared those roles with current PRO(4.7 Version) system.

I generated all the roles using Expert Mode with 3rd option "Read old status and merge with old data".

I am still clueless about that. Do anyone have any idea why did that happen?

Thanks in advance.

Regards,

Mohit

5 REPLIES 5

arpan_paik
Active Contributor

‎01-19-2011 2:35 PM

0 Kudos

Status Change for roles suppose to be different from production. Anyway see the last change date for authorization in both system. If this is same for both the system then only you have problem. If this is diff then it is likely that some1 modified that role in dev.

regards,

Arpan Paik

Former Member

‎01-19-2011 8:09 PM

0 Kudos

Hi,

When you generate roles in expert mode of PFCG using the 3rd option, SU24 check indicator values are re-read for all menu transactions and merged in the existing authorization objects in the role. Only authorization object with maintainance status "Standard" or " Maintained" are affected.

Please see Note 113290 - PFCG: Merge process when maintaining authorization data for examples of various scenerios during PFCG merge.

Since you have upgraded the system, USOBT table now has new default SAP values for all auth objects which are "check/maintained" for tcodes in SU24 and hence existing values of the standard/maintained objects in the role might be replaced with the new defaults during expert mode generation in PFCG. Hence the missing values.

Thanks

Sandipan

Former Member
In response to Former Member

‎01-20-2011 7:27 AM

0 Kudos

Hi Sandipan,

I agree with you that all Standard and Maintained Objects get affected due to new SU24 values.

But system shouldn't replace the old values, it should add new values or objects.

And that's what I need to confirm.

Thanks,

Mohit

Former Member
In response to Former Member

‎01-20-2011 8:30 AM

0 Kudos

Mohit wrote:

But system shouldn't replace the old values, it should add new values or objects

This is true, new standard authorizations are not inserted in the roles only when your exisiting 'maintained' object has identical values to the new SAP default values for standard fields or atleast it contains the new SAP default values for the standard fields.

Example from the note i referred earlier:

                Maintained Old                                Standard New default values
Field 1                 A, B, C Standard                             A, B, C Standard
Field 2                 C, D     Standard                              C, D      Standard
Field 3                 1, 2, 3  Maint. (empty earlier)          (empty) Standard
the first two fields are filled with default values ("Standard" status) and the maintained authorization contains the default values of the standard authorization.

But a new Standard authorization object could be added with different field values (as in your case) when the new SAP default values for standard fields (Field 2 in below example) has more values than in the 'maintained object'

                        Maintained Old                                    Standard New default values
Field 1             A, B, C  Standard                                A          Standard
Field 2             C, D       Standard                               C, D, E   Standard
Field 3             1, 2, 3    Maint.                                    (empty) Standard
...because its authorization default value contains more values in the second field than the maintained value.

Also, a new standard authorization is added if new default values are suggested for a field which was empty previously

Maintained Old Standard New
Field 1 A, B, C Standard A, B, C Standard
Field 2 C, D Standard C, D Standard
Field 3 1, 2, 3 Maint. 1, 2, 3 Standard
...because the third field also contains default values in the standard authorization; this field was originally empty in the maintained authorization. This shows that the standard values of both authorizations originate from different transactions.

You may read the note (#113290) for understanding all the scenerios as illustrated by examples.

Hope this helps

Sandipan

Edited by: Sandipan Choudhury on Jan 20, 2011 2:08 PM

Former Member

‎01-20-2011 9:26 AM

0 Kudos

Sandipan,

Thanks for the information.

Regards,

Mohit