
EHP6 upgrade queries

Former Member
0 Kudos

We are going to upgrade to EHP6 and I have a few queries related to security.

1. All the documentation and forum posts related to the upgrade suggest that the SU25 security activities begin during the "EHP6 post upgrade" phase. I wish to know whether there is anything that the security team should plan or take action on before the upgrade process (like backing up tables, comparing SU22 and SU24, etc.).


2. I am new to this organization and this is my first upgrade project. I found that there are a lot of authorization objects added manually in SAP roles by previous consultants (not reflected in SU24). So now, during the upgrade, what will be the consequences of it? Is there any step that I can take now or during the SU25 upgrade cycle to fix it so the authorization values which are manually added don't get overwritten?

3. How do I know for which roles the SU24 data is modified, or whether we are using the SAP standard authorization values as originally provided via SU22? I doubt whether SU24 is modified for any role.

Please excuse as I know these are beginner questions, but I want to clear all the doubts so I can avoid users complaining later of missing authorizations in Production system.

4 REPLIES

Colleen
Advisor
0 Kudos

Hi Sameer

Things to consider can also depend on what version your system is currently on. If you have an upgraded system available, you may want to consider new transaction codes and authorisation objects, etc. Also look at new security functionality and improvements (e.g. changes to SU53; SECPOL).

If you have a system available, you can run the Step 2A report only, to compare the SU22 to SU24 changes. This could be helpful to know to prepare for impacted roles.

One thing to consider doing is to remove obsolete roles. Reduce the number of roles that may be identified in Step 2C.

For Question 2: Cleaning up manually added objects is always a good thing to do. However, SU25 will not impact manually added objects.

For Question 3: You can take a quick glance in tables USOBT_C/USOBX_C to see which transactions your site has maintained in SU24. Take that list of transactions and look up AGR_TCODES to see which of your roles contain those transactions. From there you can also look at AGR_1250/AGR_1251 to see if you have standard/maintained/changed/manual objects. If it's all standard then you're matching SU24 proposals (unless the role has not been updated since a change to SU24). If you have services and other items in your role menu, you will need to look at them.

Avoiding (well, at least minimizing) user complaints in the Production System is achieved through a test cycle for security.

There is a lot you can do to prepare, but whether it adds value or not will depend on how meticulous your role administrators have been and what your current EHP is (big jump or little jump). If you are saying they manually add objects all the time (and without good cause), then that might be an indication that security role build has not been meticulous and you will have issues.

Regards

Colleen
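The Question 3 lookup chain from the reply above (USOBX_C, then AGR_TCODES, then AGR_1251), as an added example that is not part of the original thread or any SAP-delivered code. It assumes the three tables were exported from SE16 and loaded as lists of dicts keyed by field name, that SAP-delivered USOBX_C rows carry MODIFIER = "SAP", and that AGR_1251-MODIFIED uses the codes S/G/M/U; the function names and sample rows are hypothetical.

```python
from collections import Counter, defaultdict

# AGR_1251-MODIFIED codes as shown in PFCG (assumed mapping, verify in your release).
STATUS = {"S": "standard", "G": "maintained", "M": "changed", "U": "manual"}

def maintained_tcodes(usobx_c):
    """Transactions whose SU24 entry was last changed by someone other than SAP."""
    # Assumption: untouched SAP-delivered rows carry MODIFIER == "SAP".
    return {r["NAME"] for r in usobx_c if r["MODIFIER"].strip().upper() != "SAP"}

def roles_to_review(usobx_c, agr_tcodes, agr_1251):
    """Return {role: {"tcodes": [...], "status": {...}, "all_standard": bool}}."""
    tcodes = maintained_tcodes(usobx_c)
    hits = defaultdict(set)
    for r in agr_tcodes:
        if r["TCODE"] in tcodes:
            hits[r["AGR_NAME"]].add(r["TCODE"])
    counts = defaultdict(Counter)
    for r in agr_1251:
        if r["AGR_NAME"] in hits and r.get("DELETED") != "X":  # skip inactive rows
            counts[r["AGR_NAME"]][STATUS.get(r["MODIFIED"], "unknown")] += 1
    return {
        role: {
            "tcodes": sorted(tc),
            "status": dict(counts[role]),
            "all_standard": set(counts[role]) <= {"standard"},
        }
        for role, tc in hits.items()
    }

# Constructed sample rows (not real system data), shaped like SE16 exports.
USOBX_C = [
    {"NAME": "VA01", "OBJECT": "V_VBAK_AAT", "MODIFIER": "SAP"},
    {"NAME": "ME21N", "OBJECT": "M_BEST_EKO", "MODIFIER": "JSMITH"},
]
AGR_TCODES = [
    {"AGR_NAME": "Z_BUYER", "TCODE": "ME21N"},
    {"AGR_NAME": "Z_BUYER_DISPLAY", "TCODE": "ME21N"},
    {"AGR_NAME": "Z_SALES", "TCODE": "VA01"},
]
AGR_1251 = [
    {"AGR_NAME": "Z_BUYER", "OBJECT": "M_BEST_EKO", "FIELD": "ACTVT", "MODIFIED": "S"},
    {"AGR_NAME": "Z_BUYER", "OBJECT": "S_TABU_DIS", "FIELD": "ACTVT", "MODIFIED": "U"},
    {"AGR_NAME": "Z_BUYER_DISPLAY", "OBJECT": "M_BEST_EKO", "FIELD": "ACTVT", "MODIFIED": "S"},
    {"AGR_NAME": "Z_SALES", "OBJECT": "V_VBAK_AAT", "FIELD": "ACTVT", "MODIFIED": "M"},
]

if __name__ == "__main__":
    for role, info in sorted(roles_to_review(USOBX_C, AGR_TCODES, AGR_1251).items()):
        print(role, info)
```

A role reported with `all_standard` true can still lag behind SU24 if it has not been regenerated since the SU24 change, and role menu items other than transactions are not covered by the AGR_TCODES lookup.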

Former Member
0 Kudos

Hello,

I am currently upgrading from ECC EHP3 to EHP6 in a Sandbox system.

Need to know how to take a backup of tables USOBX_C & USOBT_C before I execute SU25. Can you please advise?

Thanks,

Sunny Doshi

0 Kudos

Hi Sunny

Transaction SU24 allows you to download. It also has functionality to mass upload.

Regards

Colleen

Former Member
0 Kudos

Hi Colleen,

Yes, I can see the Download & Upload options within the SU24 screen.

Basically, I selected all options 'Originals Only + SAP Data + Customer Data', due to which the 'No data available' message was appearing on the screen.

Now when I select either SAP Data or Customer Data, it gives me a text file to download.

1> Anyway, if we need to download the data for all the tcodes (*), which will serve as a backup for the standard or customer tables (USOBX/USOBT/USOBX_C/USOBT_C), will it download all the data correctly? I have not done this as it was taking a lot of time.

I am asking this because before I start the SU25 activity in the DEV system, I want to take backups of these tables. Any other alternative you followed?

2> Another approach is to transport these tables. Does that mean that if someone messes up these tables in DEV, then we can use SU25 -> Step3 from QA and transport it to DEV?

Can you advise me what approach you followed for the above?

Thanks,

Sunny Doshi