on 11-28-2012 5:09 PM
Hello,
Our client is planning to upgrade SAP ECC6.0 system from EHP 4 SP6 to EHP6 SP5.
I am unable to find appropriate documents/discussions that will tell me if it has any impact on SAP Security infrastructure.
If yes, any pointers from where I can get information to estimate the efforts required ?
We had a considerable impact when we applied EHP4 on ECC 6.0.
Would EHP4 to EHP6 have similar impact ?
Thanks,
Kshitij
Kshitij,
We just just upgraded our sandbox from ECC 6 ehp 4 to 6 and after running su25 over 900 of the proposed auth object checks where changed.
There seems to be some issues with the transaction, see note 1759777.
We have a note in to SAP to try and fix the issue, I will update this thread with the results from SAP and our analysis.
For now we are reverting back to our old customer table and allowing the functional team to test as break fixing new objects will likely be allot less work than updating su24 with 900 values and yes these are all transactions that are currently assigned and being used.
Regards,
Curtis
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Curtis,
After upgrade from EHP2 to EHP7 we have executed SU25 2a and 2b in dev system but later on decided not to modify the roles due to time limitation. now we need to revert back the customer table to its previous state,
so is there any way to revert it other then backup restoration?
I can see that you have reverted your customer table before can you let me know how did you do that?
Thanks
Dheeraj
Hello Kshitij,
The Best Practice should be performing the upgrade in sandbox system and run SU25 to check and update the auth relevant changes and ensure the proper testing done by the functional team, there are chances that new functionalities may appear .. you need to work closely with functional team to ensure everything is tested before getting this implemented in Dev system
Thanks
Rajendra A
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kshitij,
Mainly after Upgrade,USOBT and USOBX tables get changed , so need to synchronize between above ones and USOBT_C and USOBX_C tables.
Please check 2A,2B,2C and 2D steps of SU25 t.code in SAP .
It will help you.
Thanks
Sujit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi kshitj,
Please go through with the belwo link.
http://scn.sap.com/community/erp/60-upgrade/blog/2012/07/30/on-the-road-to-ehp6
Thanks,
Varun jain
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Varun,
Thanks for replying. This blog talks more about preparation from Basis perspective.
I am trying to find information on Security relevant changes. I have also gone through Master guide for EHP6. I could see it has a mention of NWBC, is it something that I need to explore ?
Our current system does not have EP, so I need not worry about portal roles.
Is there any document that gives me information regarding new authorization objects that will be introduced through EHP6 (in turn by EHP5 considering that we are at EHP 4 at present) ?
Thanks,
Kshitij
Hi Kshitij,
Impact on security is minimal when upgrading from EHP4.0 to EHP6.0. This is unlike the upgrade you had when migrated from EHP3.0 to EHP 4.0
I would suggest, you request Basis Team to provide you a list of all SAP Notes included in the package (ideally the list would be huge) which belongs to security and analyse the Notes.
Also you can ask Basis to prepare a Sandbox system with EHP6.0 and you can compare USOBX, USOBT tables from this system with a previous version system to identify if there any new addition of standard auth object.
Thanks,
Deb
Hello Deb,
Thanks for the response. It seems best picture can be obtained by setting up a sandbox system with EHP6.0.
As far as impact is concerned we have another thing to take care of i.e. new business functions being activated. That will bring in new transaction codes and org levels if I am not wrong.
Thanks,
Kshitij
User | Count |
---|---|
96 | |
10 | |
9 | |
6 | |
3 | |
3 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.