02-15-2012 1:13 AM
we are upgrading from ECC 5.0 to 6.0 ..and we need to get the new auth. objects maintained. I have ran the SU25
Step - 1 ,2a, 2b and under 2c it shows a lot of roles tro be maintained ..
Looks like doing step 1 is resulting in this big list for step 2c. Can step 1 be undone as looking back i think it wasnt really needed..? or do i have to manually update the table values of USOBT_C and USOBX_C from the old system. ??
Any advice on this issue is apprecaited.
02-15-2012 4:01 AM
Salam,
I would suggest a restore of tables USOBX_C & USOBT_C. Step1 was not required in this scenario.
Dipesh.
02-15-2012 6:17 AM
Thanks Dipesh.
One more scenario i was looking at .. We had set up a new sandbox ECC 6.0 upgrading from the same ECC 5.0 as a test run before the DEV upgrade a week ago. We had not touched SU25 in this sandbox. So if i do the steps 2a- 2d here in sandbox and transport the changes manually to DEV .. or just copy the USOBT_C and USOBX_C tables from sandbox to DEV and run the steps 2a-2d here ..?? what would be the best way of coming out of this..?
02-15-2012 6:49 AM
Salam,
Its always a good practice to keep a copy of the tables USOBX_C & USOBT_C prior to making any changes through SU25 steps post upgrade. Once you take a backup of the tables in sandbox, go ahead and execute SU25 steps 2a-2d. As activity on sandbox is a test run, I don't think you need to move any changes to DEV. For DEV it will be a newly upgraded system ( I presume ) from ECC5, you need to execute SU25 steps 2a-2d and transport the changes to the following systems down the landscape.
Regards,
Dipesh.
02-15-2012 7:05 AM
yes, its a newly upgraded DEV system but i have already ran SU25 step - 1 here.. and the USOBX_C & USOBT_C have been updated with default values.. I would want to get my old values back in these two tables.
02-15-2012 7:10 AM
Salam,
In this case I would suggest you transport the tables USOBX_C & USOBT_C from the sandbox to DEV, then run the SU25 Steps 2a - 2d on DEV again.
Dipesh
02-15-2012 8:58 PM
It would be nice if step 1 once run after installation would be greyed out, and only available via a menu path with a bigger warning message. Or even a PRGN_CUST setting which is needed before it can be run again...
You should ideally have transported all your changes. So make sure the transports have all gone through and use the download option from PROD and upload them into DEV again.
This will create more work in step 2B but at least you have your work back again.
Good luck,
Julius
02-15-2012 9:23 PM
yes, a bigger warning message would have caught my attention...
so which transports are you refering to ..? the one from step 3 ..?
and for download / upload just the tables USOBX_C and USOBT_C or the roles too ..?
Appreciate your help
Thanks
Salam Omer
02-16-2012 5:16 AM
All transports for SU24 and SU25 changes must go through sooner or later. This means that QAS and PRD have the same as what the toasted DEV had before it was re-initialized.
If you did not make changes to the roles inbetween or run step 2c and make changes there, then you should be fine with restoring the usob*_c tables.
Cheers,
Julius
ps: Is anyone else interested in a request to grey out step 1 once it has been run already? Then only make it a less intuitive menu option...
02-16-2012 1:56 PM
Hi Julius,
I think Step 1 should remain as it is...Just like Step 3 is one shot transport of complete usob*_c tables, similarly I think Step 1 is one shot reset of the tables to standard proposals. It's just like factory reset option in mobile phones
It lies with the Security experts to know when or whether to use that step. For an upgrade, security consultants should know that Step 1 should not be touched. Just like we should know that clicking on factory reset button will erase all information from our mobile
Thanks,
Deb
02-16-2012 2:23 PM
This accidental running of step 1 happens often enough in the wild that I think something less intuitive would be usefull.
Some phones make you enter a password before running the factory reset - perhaps DDIC in client 000 only. SAP already uses this same procedure of "DDIC only in client '000' and you must know the password to protect some other things such as special types of imports in upgrades. Would fit at least the same shoe size as "starting over from scratch" for the roles.
Cheers,
Julius
Edited by: Julius Bussche on Feb 16, 2012 9:37 PM
02-16-2012 11:31 PM
> ps: Is anyone else interested in a request to grey out step 1 once it has been run already? Then only make it a less intuitive menu option...
I think your idea of having PRGN_CUST setting to control this is great! I think it's in nobody's interest to have step 1 so easily available after it has been run first time.
02-20-2012 11:59 PM
Transporting the tables back to DEV was a hassle but was able to get my values back..I do have quite a few roles to work on in 2c ..but can get that done..
Thanks Dipesh and Julius !!
yes i agree having step 1 greyed out /password protected with a clear warning after inital set up would help reduce any accidental use..
Debmalya~ Its just that you shouldnt have a phone reset option just besides the dial option on your phone