cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Impact of SAP ECC6.0 upgrade from EHP4 to EHP6, Security perspective.

Former Member

on ‎11-28-2012 5:09 PM

0 Kudos

Hello,

Our client is planning to upgrade SAP ECC6.0 system from EHP 4 SP6 to EHP6 SP5.

I am unable to find appropriate documents/discussions that will tell me if it has any impact on SAP Security infrastructure.

If yes, any pointers from where I can get information to estimate the efforts required ?

We had a considerable impact when we applied EHP4 on ECC 6.0.

Would EHP4 to EHP6 have similar impact ?

Thanks,

Kshitij

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

former_member96398
Participant
‎08-30-2013 8:42 PM
0 Kudos

Kshitij,

We just just upgraded our sandbox from ECC 6 ehp 4 to 6 and after running su25 over 900 of the proposed auth object checks where changed.

There seems to be some issues with the transaction, see note 1759777.

We have a note in to SAP to try and fix the issue, I will update this thread with the results from SAP and our analysis.

For now we are reverting back to our old customer table and allowing the functional team to test as break fixing new objects will likely be allot less work than updating su24 with 900 values and yes these are all transactions that are currently assigned and being used.

Regards,

Curtis

Show replies
Show replies
Former Member
‎08-12-2014 2:59 PM
0 Kudos

HI Curtis,

After upgrade from EHP2 to EHP7 we have executed SU25 2a and 2b in dev system but later on decided not to modify the roles  due to time limitation. now we need to revert back the customer table to its previous state,

so is there any way to revert it other then backup restoration?

I can see that you have reverted your customer table before can you let me know how did you do that?

Thanks

Dheeraj

Former Member
‎12-03-2012 4:02 PM
0 Kudos

Hello Kshitij,

    The Best Practice should be performing the upgrade in sandbox system and run SU25 to check and update the auth relevant changes and ensure the proper testing done by the functional team, there are chances that new functionalities may appear .. you need to work closely with functional team to ensure everything is tested before getting this implemented in Dev system

Thanks

Rajendra A

Show replies
Show replies
Former Member
‎12-03-2012 12:00 PM
0 Kudos

Hi Kshitij,

Mainly after Upgrade,USOBT and USOBX tables get changed , so need to synchronize between above ones and USOBT_C and USOBX_C tables.

Please check 2A,2B,2C and 2D steps of SU25 t.code in SAP .

It will help you.

Thanks

Sujit

Show replies
Show replies
Former Member
‎11-29-2012 1:00 AM
0 Kudos

Hi kshitj,

  Please go through with the belwo link.

http://scn.sap.com/community/erp/60-upgrade/blog/2012/07/30/on-the-road-to-ehp6


Thanks,

Varun jain

Show replies
Show replies
Former Member
‎11-30-2012 1:52 PM
0 Kudos

Hello Varun,

Thanks for replying. This blog talks more about preparation from Basis perspective.

I am trying to find information on Security relevant changes. I have also gone through Master guide for EHP6. I could see it has a mention of NWBC, is it something that I need to explore ?

Our current system does not have EP, so I need not worry about portal roles.

Is there any document that gives me information regarding new authorization objects that will be introduced through EHP6 (in turn by EHP5 considering that we are at EHP 4 at present) ?

Thanks,

Kshitij

Former Member
‎12-03-2012 11:08 AM
0 Kudos

Hi Kshitij,

Impact on security is minimal when upgrading from EHP4.0 to EHP6.0. This is unlike the upgrade you had when migrated from EHP3.0 to EHP 4.0

I would suggest, you request Basis Team to provide you a list of all SAP Notes included in the package (ideally the list would be huge) which belongs to security and analyse the Notes.

Also you can ask Basis to prepare a Sandbox system with EHP6.0 and you can compare USOBX, USOBT tables from this system with a previous version system to identify if there any new addition of standard auth object.

Thanks,

Deb

Former Member
‎12-03-2012 2:55 PM
0 Kudos

Hello Deb,

Thanks for the response. It seems best picture can be obtained by setting up a sandbox system with EHP6.0.

As far as impact is concerned we have another thing to take care of i.e. new business functions being activated. That will bring in new transaction codes and org levels if I am not wrong.

Thanks,

Kshitij

Ask a Question