Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Issues in ECC 6.0 upgrade

Former Member
0 Kudos

Hello,

We are doing an upgrade from SAP 4.7 to ECC 6.0. In step 2C of SU25 we get a large number of roles in "RED". How do we identify if any additions or changes have happened to these roles. Please help

Many thanks

Vijaya

5 REPLIES 5

Bernhard_SAP
Employee
Employee
0 Kudos

Hello Vijayalakshmi,

pls use the search function in this forum (for instance <SU25> returns 11 hits, for instance this one: https://forums.sdn.sap.com/click.jspa?searchID=13818484&messageID=5409652

> How do we identify if any additions or changes have happened to these roles. Please help

>

Well, if the roles are listed in SU25/2c, then there have been changes to that roles. In normal cases the SU24 values for the contained transactions have been changed or the transactions themeselves got changed/removed/replaced.

The documentation for SU25 is quite good and gives some valuable information too.

I hope this gives you a starting point for your upgrade project.

Last tipp: it is not a good ideay, to skip SU25 after the upgrade. Sooner or later you will have to perform this task to avoid losts of reclamations regarding missing authorizations from your users.

b.rgds, Bernhard

0 Kudos

I agree the roles show up in step 2C because of some changes to the authorization objects. But is there a way to determine the exact changes? If we do a mass generation it will just include the new values added which may not be appropriate. Is the only option here a manual review of each and every role? Any suggestions?

Thanks

Vijaya

0 Kudos

Hi Vijayalakshmi,

yep. Manual adaption necessary.

To find the differences you could check SU24 before/after upgrade.

Changed/replaced t-codes can be found in table prgn_corr2.

A mass generation will not add any values, as generation does not include the merge function of pfcg.

To find out the before/after situation of authroizations simply open a role of your list in display mode (old status) and in another mode in change mode. On the authorization tab pls use the button 'expert mode' and choose 'read old status and merge with new data' (thats exact the choice SU25 will choose) to see the differences.

SU24 data is contained in table usobx_c and usobt_c.

b.rgds,

Bernhard

0 Kudos

Thank you very much for the reply. What would be the best way to do a Mass generation without activating any additional authorizations/profiles? Also, for now if just do a mass generate what would be the result?

Thanks again

Vijaya

0 Kudos

Hi again,

we handled this quesiton already in https://forums.sdn.sap.com/click.jspa?searchID=13818484&messageID=5409652

Pls have a look there. If there are still any doubts then, pls update.

if you manage to regenerate your profiles without updating them (pls see the a.m. thread), you have the 'old 'status (pre-upgrade) again. All new/additional authority-checks will fail then for the users who worked before the upgrade without problems.

b.rgds, Bernhard