Hi.

Use transaction su25

This transaction is used to fill the customer tables of the Profile

Generator the first time the Profile Generator is used, or update the

customer tables after an upgrade. The customers tables of the Profile

Generator are used to add a copy of the SAP default values for the check

indicators and field values. These check indicators and field values are

maintained in transaction SU24. If you have made changes to check

indicators, you can compare these with the SAP default values and adjust

your check indicators as needed.

Step 1

o If you have not yet used the Profile Generator or you want to add

all SAP default values again, use the initial fill procedure for the

customer tables.

Steps 2a to 2d

o If you have used the Profile Generator in an earlier Release and

want to compare the data with the new SAP defaults after an upgrade,

use steps 2a to 2d. Execute the steps in the order specified here.

- Step 2a

is used to prepare the comparison and must be executed first.

- Step 2b

If you have made changes to check indicators or field values in

transaction SU24, you can compare these with the new SAP default

values. The values delivered by SAP are displayed next to the

values you have chosen so that you can adjust them if necessary.

If you double-click on the line, you can assign check indicators

and field values. You maintain these as described in the

documentation for transaction SU24.

Note on the list of transactions to be checked

To the right of the list you can see the status which shows

whether or not a transaction has already been checked. At first

the status is set to to be checked.

If you choose the transaction in the change mode and then choose

save, the status is automatically set to checked.

By choosing the relevant menu option in the list of transactions

you can manually set the status to checked without changing

check indicators or field values, or even reset this status to

to be checked.

If you want to use the SAP default values for all the

transactions that you have not yet checked manually, you can

choose the menu option to copy the remaining SAP default values.

- Step 2c

You can determine which roles are affected by changes to authorization

data. The corresponding authorization profiles need to be edited and

regenerated. The affected roles are assigned the status "profile

comparison required".

Alternatively you can dispense with editing the roles and manually

assign the users the profile SAP_NEW (make sure the profile SAP_NEW only

contains the subprofiles corresponding to your release upgrade. This

profile contains authorizations for all new checks in existing

transactions). The roles are assigned the status "profile comparison

required" and can be modified at the next required change (for example,

when the role menu is changed). This procedure is useful if a large

number of roles are used as it allows you to modify each role as you

have time.

Note

The process can take several minutes.

To go directly to the authorization data for a role, double-click the

relevant role in the output list.

If you have roles in several clients, you must perform this step in

every client to determine which roles are affected.

- Step 2d

Transactions in the SAP system are occasionally replaced by one or more

other transactions.

This step is used to create a list of all roles that contain

transactions replaced by one or more other transactions.

The list includes the old and new transaction codes. You can replace the

transactions in the roles as needed. Double-click the list to go to the

role.

Step 3

This step transports the changes made in steps 1, 2a, and 2b.

Tailoring the Authorization Checks

This area is used to make changes to the authorization checks.

o Changes to the check indicators are made in step 4. You can also go

to step 4 by calling transaction SU24.

- You can then change an authorization check within a transaction.

- When a profile to grant the user authorization to execute a

transaction is generated, the authorizations are only added to

the Profile Generator when the check indicator is set to

Check/Maintain.

- If the check indicator is set to do not check, the system does

not check the authorization object of the relevant transaction.

- You can also edit authorization templates that can be added to

the authorizations for a role in the Profile Generator. These

are used to combine general authorizations that many users need.

SAP delivers a number of templates that you can add directly to

the role, or copy and then create your own templates, which you

can also add to roles.

- See the general documentation for the meaning of the check

indicators.

o In step 5 you can deactivate authorization objects systemwide.

o In step 6 you can create roles from authorization profiles that you

generated manually. You then need to tailor and check these roles.

More documentation for the Profile Generator and for changing check

indicators

See also the general documentation on the Profile Generator in the SAP

Library. Choose:

Basis Components -> Computing Center Management System -> Users and

Roles or in the Implementation Guide (IMG), choose: Basis Components ->

System Administration -> Users and Authorizations -> Maintain

Authorizations and Profiles using Profile Generator.

Regards

Ben

Hi Ben..

Thanks to reply for the question...

but my question how it happened.. we executed that su25 transaction...

still we are not able to find how the authorization objects are missing after the upgrade...

please reply me if u know the answer..

thanks in advance..

regards,

Mohankumar.G

Hi,

You mean to say missed user define authorization objects?

or

Let me know few missed authorization objects.

Regards

Ben.