Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

PFCG - Read from old status and merge with new deletes authorizations

Former Member
0 Kudos

After migrating to Context Based Structural Authorizations using P_ORGINCON and P_ORGXXCON we have observed that when a new transaction is added to a role and the Expert mode is used (Read from old and merge with new) all the P_ORGINCON and P_ORGXXCON objects are deleted and replaced by the a standard new object.

The only note we can find is 679050 but this does not apply to our system as we are on SAP Basis Version 700.

As part of the migration all transactions that used P_ORGIN were updated in su24 to include P_ORGINCON as check maintain. However, we did not set P_ORGIN to 'do not check'.

The HR master switch has been updated with P_ORGINCON turned on and P_ORGIN turned off.

Any help would be appreciated.

1 ACCEPTED SOLUTION

desiree_matas
Contributor
0 Kudos

Hello Ahmad

The merging process in transaction PFCG is a little tricky. Please check SAP note

113290 for detailed examples on how this merging process works.

Regards,

Désiré

5 REPLIES 5

desiree_matas
Contributor
0 Kudos

Hello Ahmad

The merging process in transaction PFCG is a little tricky. Please check SAP note

113290 for detailed examples on how this merging process works.

Regards,

Désiré

Former Member
0 Kudos

hi,

it should not happend...

since read old status & merge with new data.

the PG compares the old and current data from the role ,this is the best choice if the role has changed. unchanged data is marked as old.

objects should not get deleted.

so wait, for couple of days,you might get a better answer

Former Member
0 Kudos

Folks,

Thank you for your help. I figured it out.

One the fields in those two objects were converted into an org level assignment and then converted back to a field level. When converting back the field was set as standard default to *. However, all the transactions were updated in su24 with P_ORGINCON and P_ORGXXCON with no default field values. And therefore when PFCG was doing a merge it was finding no transactions with any similar default values and thus it would conclude that which ever transaction had originally brought in the objects was removed and therefore the objects were no longer required - thereby deleting them.

Ahmad

Former Member
0 Kudos

I am having a similar problem, but the solution Ahmad found doesn't seem to fit me.

My client is running an upgrade from 4.7 to ECC 6.0.  I found that maintained authorizations in 4.7 are removed from the roles in 6.0 when the generator suggests new standard authorizations with different authority.  The maintained authorization is not retained (even a display authorization -- and the suggested standard authorization contains display activity and others).  It is the same whether I go into change the role in the basic mode or in the Expert mode to "Read old status and merge with new data" -- the new data isn't merging with the old status.... it is removing the old authorization.

SAP Note 679050 describes my problem perfectly, but my system is on SAP_Basis Release 702.  The Note's solution only covers systems up to 640

I don't like the idea of changing the updated role to manually add every authorization that was removed.  Also, I don't like the idea of using Expert mode "Edit old status" because I am concerned that any future change will just throw all the incomplete suggested authorizations into a role again.

I have been hunting around the site for a solution -- if you know of anything, please let me know.

Thanks,

Ed

0 Kudos

To follow the discussion I started here today, please refer to the discussion entitled "Authorization objects have been overwritten after Upgrade"