01-18-2016 7:44 PM
Hi all,
I want to understand what is deemed to be best practice in regards of SU24 changes for standard transactions.
Some resources state that SU24 should be changed if necessary also for standard transactions. Others claim if SU24 is changed for standard transactions and a new release is introduced that the SU24 would revert back to standard, causing massive overhead work.
What is best practice here?
Cheers,
Peter
01-18-2016 11:58 PM
Hi Peter
I recommend you read up on transaction SU25 to better understand what happens to SU24 data when SAP released support packs. Check out help.sap.com and search (here's a discussion I had on the topic http://scn.sap.com/thread/3418404 - though it's not for the most recent basis release)
In short, yes SU24 should be maintained for SAP standard transactions as well as customer. Changes are necessary depending on your configuration. Also, SAP hasn't always been consistent or done a great job in keeping it up to date
There's even a regular member in SCN who encourages SU24 gaps to be reporting to SAP
But the best was I can summarise it - check out the USOBT/X tables and look how many transaction codes for SU24 mappings were maintained back in 1997 or other years. Some transactions have never been revisited even though changes to underlying code has occured. Also, very services and webdynrpos are mapped - they're SAP standard too
Regards
Colleen
01-18-2016 9:07 PM
Maintaining SU24 is for experts and should be made bonus relevant for admins.
The rest should not have any access to PFCG at all.
Cheers,
Julius
01-18-2016 9:14 PM
You missunderstood my question. Obviously no end user should have access to this.
I am talking about SAP Role Admins or whoever is in charge developing/maintaining the SAP authorisation concept.
01-18-2016 9:55 PM
I think you misunderstood my answer.. 🙂
An admin who is afraid of SU24 and thinks it breaks your upgrade builds roles with changed and manual status auths. They are not sufficiently trained to be given access to PFCG (in my opinion of best practice - which is what your question is about).
In the new PFCG from 7.50 onwards you can even set an option that "changed" authorizations are not allowed anymore -> SU24 is mandatory in best practice implementations.
Cheers,
Julius
01-18-2016 11:58 PM
Hi Peter
I recommend you read up on transaction SU25 to better understand what happens to SU24 data when SAP released support packs. Check out help.sap.com and search (here's a discussion I had on the topic http://scn.sap.com/thread/3418404 - though it's not for the most recent basis release)
In short, yes SU24 should be maintained for SAP standard transactions as well as customer. Changes are necessary depending on your configuration. Also, SAP hasn't always been consistent or done a great job in keeping it up to date
There's even a regular member in SCN who encourages SU24 gaps to be reporting to SAP
But the best was I can summarise it - check out the USOBT/X tables and look how many transaction codes for SU24 mappings were maintained back in 1997 or other years. Some transactions have never been revisited even though changes to underlying code has occured. Also, very services and webdynrpos are mapped - they're SAP standard too
Regards
Colleen
01-19-2016 6:15 AM