https://community.sap.com/t5/application-development-and-automation-discussions/security-upgrade-testing/m-p/8237527#M1629776 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>The SU25 is the upgrade transaction for the PFCG. In step 2a you can copy the SAP data in the customer environment. With 2b you can compare overlapping default changes from your own with SAP. In step 2c roles,where the new default values would have an impact, are marked. The roles marked with red lights are not invalid and can be used with the old authorization set. If you do not process the step 2c it might be possible that you will run in trouble with new or changed authorization checks, that is why it is recommended to run step 2c and update all red roles.</P><P></P><P>I hope this helps you.</P><P></P><P>Regards, </P><P>Blanca</P></BODY></HTML> Wed, 05 Oct 2011 07:09:03 GMT blanca_serrano 2011-10-05T07:09:03Z https://community.sap.com/t5/application-development-and-automation-discussions/security-upgrade-testing/m-p/8237526#M1629775 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>We have upgraded our sytem from R/3 4.6 to ECC 6. Have executed the post security upgarde steps and found that most of the roles/transactions got implacted. Now we are in security testing phase. It would be very helpful if you could be provide me inputs regrading how to go about security upgarde testing, stargey to be followed for this testing.</P><P></P><P>Thanks &amp; Regards</P></BODY></HTML> Wed, 05 Oct 2011 03:56:47 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-upgrade-testing/m-p/8237526#M1629775 Former Member 2011-10-05T03:56:47Z https://community.sap.com/t5/application-development-and-automation-discussions/security-upgrade-testing/m-p/8237527#M1629776 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>The SU25 is the upgrade transaction for the PFCG. In step 2a you can copy the SAP data in the customer environment. With 2b you can compare overlapping default changes from your own with SAP. In step 2c roles,where the new default values would have an impact, are marked. The roles marked with red lights are not invalid and can be used with the old authorization set. If you do not process the step 2c it might be possible that you will run in trouble with new or changed authorization checks, that is why it is recommended to run step 2c and update all red roles.</P><P></P><P>I hope this helps you.</P><P></P><P>Regards, </P><P>Blanca</P></BODY></HTML> Wed, 05 Oct 2011 07:09:03 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-upgrade-testing/m-p/8237527#M1629776 blanca_serrano 2011-10-05T07:09:03Z https://community.sap.com/t5/application-development-and-automation-discussions/security-upgrade-testing/m-p/8237528#M1629777 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>After SU25 steps, you have to identify the list of tcodes which are changed and which are new.</P><P>According to that you should visit all the roles where the above ones are present and do the necessary changes of new authorization checks(use expertmode : Read old data and merge with new data)</P><P></P><P>This step is should be done with lot of assessment with the help of business discussions.</P><P></P><P>Regards</P><P>Hari</P></BODY></HTML> Wed, 05 Oct 2011 20:17:16 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-upgrade-testing/m-p/8237528#M1629777 Former Member 2011-10-05T20:17:16Z https://community.sap.com/t5/application-development-and-automation-discussions/security-upgrade-testing/m-p/8237529#M1629778 <HTML><HEAD></HEAD><BODY><P>Do what Hari says and then ensure that your updated roles are tested in all the standard e2e business process testing as part of the general upgrade activities.</P></BODY></HTML> Thu, 06 Oct 2011 11:05:32 GMT https://community.sap.com/t5/application-development-and-automation-discussions/security-upgrade-testing/m-p/8237529#M1629778 Former Member 2011-10-06T11:05:32Z