-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
- Autonomous Enterprise
- Artificial intelligence
- Data and analytics
- Autonomous Suite
- Technology platform
- Transformation management
- Midsize business solutions
- Financial management
- Spend management
- Supply chain management
- Human capital management
- Customer experience
- Enterprise resource planning
- Business network
- Sustainability management
- SAP Store
- Try SAP
- View all industries
- Partners
- Services
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- Autonomous Enterprise
- Artificial intelligence
- Data and analytics
- Autonomous Suite
- Technology platform
- Transformation management
- Midsize business solutions
- Financial management
- Spend management
- Supply chain management
- Human capital management
- Customer experience
- Enterprise resource planning
- Business network
- Sustainability management
- SAP Store
- Try SAP
- View all industries
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Groups
- Interest Groups
- Application Development and Automation
- Discussions
- S_TCODE level issue after upgrade
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
S_TCODE level issue after upgrade
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 17 7:38 AM
- SAP Managed Tags
- Security
Hi,
We did upgradation from 4.6B to ECC.We have encountered the below mentioned issue. Please check and advice.
In 4.6B, we can delete Tcodes from S_TCODE also instead of deleting in MENU level in a Role. Previously, our people have deleted Tcodes directly in S_TCODE level instead of deleting from MENU level in some of the roles.
After upgrade from 4.6B to ECC, we have encountered a problem like all the Tcodes which are their in MENU got pushed to S_TCODE and we are also able to find Tcodes which we had directly removed from S_TCODE in the roles.
Is their any possibility to get the list of roles which were affected like that in upgrade?
We should not delete Tcodes directly from s_tcode as per standards. But it happened previously. In ECC, SAP is not giving chance to delete Tcodes directly from S_TCODE.It is good thing.
Please check and advice me on the above mentioned query.
Thanks & Regards,
KKRao.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 18 6:32 AM
- SAP Managed Tags
- Security
>
> After upgrade from 4.6B to ECC, we have encountered a problem like all the Tcodes which are their in MENU got pushed to S_TCODE and we are also able to find Tcodes which we had directly removed from S_TCODE in the roles.
>
> Is their any possibility to get the list of roles which were affected like that in upgrade?
Hi,
all your roles, which have different t-code entries in the menu compared to the manual changed S_TCODE authorizations are affected. Please refer to the famous SAP note 113290.
If you have not merged the authorizations yet after upgrade (for instance by going through SU25 2.x), you could try to get that information from SUIM.
First selection Roles by complex selection cirteria (S_BCE_68001425)->enter role name. On the result list press the button 'Transaction assignements' (CtrlShftF11)
-->this shows you the t-codes contained in the menu
Then press 'Profile assignements' (CtrlShftF10). Expand the profile(s) by doubleclicking on the profile name and expand the Object S_TCODE (field TCD). This will give you the list of t-codes contained in the authorization.
If there is a delta, this role will be affected at next merge.
I don't think it is worth the effort to find out which roles are affected. Rather take the upgrade as opportunity to redesign/rebuilt your roles. Sooner or later you will have to do this anyway 8remember that it is necessary to go through SU25...... to get the new authorizations for the new implemented checks and there will be a lot of them as the difference between 46B and 700 is quite big!
So the best idea will be to set up new roles as part of a new authorization concept..... as struggling with the old ones might be much more time consuming than starting from scratch.
b.rgds,
Bernhard
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 17 12:06 PM
- SAP Managed Tags
- Security
Hi,
Could you please check and advice on the above mentioned issue?
Thanks & Regards,
KKRao.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 17 12:54 PM
- SAP Managed Tags
- Security
>
> Hi,
>
> Could you please check and advice on the above mentioned issue?
>
> Thanks & Regards,
> KKRao.
How much are you paying for the SDN support that requires people to give answers at short notice?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 17 12:32 PM
- SAP Managed Tags
- Security
> After upgrade from 4.6B to ECC, we have encountered a problem like all the Tcodes which are their in MENU got pushed to S_TCODE and we are also able to find Tcodes which we had directly removed from S_TCODE in the roles.
>
Are those Deleted TCodes (from S_TCODE) are still present in S_TCODE or in Menu? Please clarify..
> Is their any possibility to get the list of roles which were affected like that in upgrade?
>
Check in table CD1251... put the Object S_TCOODE and execute.. let me know if you
> We should not delete Tcodes directly from s_tcode as per standards. But it happened previously. In ECC, SAP is not giving chance to delete Tcodes directly from S_TCODE.It is good thing.
>
You should not add or remove TCode by adding S_TCODE manually in the authorization tab unless it is really necessary.
Regards,
Dipanjan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 17 1:37 PM
- SAP Managed Tags
- Security
Hi,
Thanks for your update.
Please find the below information:
Q1) Are those Deleted TCodes (from S_TCODE) are still present in S_TCODE or in Menu? Please clarify..
Ans: Yes, those Tcodes are present in S_TCODE level and Menu level also.
Q2) Check in table CD1251... put the Object S_TCOODE and execute.. Let me know if you
When we run this table, we are getting message like No table entries found for specified key.
Q3) You should not add or remove TCode by adding S_TCODE manually in the authorization tab unless it is really necessary.
Ans: Yes, I will agree for this.
Please check and advice me if their any possibility to get the list of roles.
Regards,
KKRao.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 17 2:37 PM
- SAP Managed Tags
- Security
>
> Q1) Are those Deleted TCodes (from S_TCODE) are still present in S_TCODE or in Menu? Please clarify..
>
> Ans: Yes, those Tcodes are present in S_TCODE level and Menu level also.
>
Then it become simple... just remove them from the menu and generate the profile by entering into the Authorization in "Expert Mode" -> "Change Old status and Merge with New Data"... Also I would like to suggest you to reassess the authorization structure of your Landscape for more efficient usage. Instead if searching those roles where TCodes were removed manually from S_TCODE rather than menu.
> Q2) Check in table CD1251... put the Object S_TCOODE and execute.. Let me know if you
>
> When we run this table, we are getting message like No table entries found for specified key.
>
hmmm..... can you please try SCU3 and change log of AGR_1251 (if logging is active)? really speaking, it is a tough Job or merely impossible to sort out those roles where these changes were carried out on 4.6B
> Q3) You should not add or remove TCode by adding S_TCODE manually in the authorization tab unless it is really necessary.
>
> Ans: Yes, I will agree for this.
>
> Please check and advice me if their any possibility to get the list of roles.
>
One more question .. what did you get in the 2C and 2D steps during Security Upgrade? Also please think about to go for restructuring Role design as you have crossed a long way from 4.6B to ECC --- a big jump..!!
Regards,
Dipanjan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 18 6:32 AM
- SAP Managed Tags
- Security
>
> After upgrade from 4.6B to ECC, we have encountered a problem like all the Tcodes which are their in MENU got pushed to S_TCODE and we are also able to find Tcodes which we had directly removed from S_TCODE in the roles.
>
> Is their any possibility to get the list of roles which were affected like that in upgrade?
Hi,
all your roles, which have different t-code entries in the menu compared to the manual changed S_TCODE authorizations are affected. Please refer to the famous SAP note 113290.
If you have not merged the authorizations yet after upgrade (for instance by going through SU25 2.x), you could try to get that information from SUIM.
First selection Roles by complex selection cirteria (S_BCE_68001425)->enter role name. On the result list press the button 'Transaction assignements' (CtrlShftF11)
-->this shows you the t-codes contained in the menu
Then press 'Profile assignements' (CtrlShftF10). Expand the profile(s) by doubleclicking on the profile name and expand the Object S_TCODE (field TCD). This will give you the list of t-codes contained in the authorization.
If there is a delta, this role will be affected at next merge.
I don't think it is worth the effort to find out which roles are affected. Rather take the upgrade as opportunity to redesign/rebuilt your roles. Sooner or later you will have to do this anyway 8remember that it is necessary to go through SU25...... to get the new authorizations for the new implemented checks and there will be a lot of them as the difference between 46B and 700 is quite big!
So the best idea will be to set up new roles as part of a new authorization concept..... as struggling with the old ones might be much more time consuming than starting from scratch.
b.rgds,
Bernhard
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 18 4:23 PM
- SAP Managed Tags
- Security
>
> I don't think it is worth the effort to find out which roles are affected. Rather take the upgrade as opportunity to redesign/rebuilt your roles. Sooner or later you will have to do this anyway 8remember that it is necessary to go through SU25...... to get the new authorizations for the new implemented checks and there will be a lot of them as the difference between 46B and 700 is quite big!
>
> So the best idea will be to set up new roles as part of a new authorization concept..... as struggling with the old ones might be much more time consuming than starting from scratch.
>
> b.rgds,
> Bernhard
Yes.. I am also agree with this ... in fact I have already mentioned this in my post. Please do this..
Regards,
Dipanjan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 18 9:06 PM
- SAP Managed Tags
- Security
I add my vote to Bernhard and Dipanjan as well.
> We did upgradation from 4.6B to ECC.
Too long, too many changes, too many manual entries, too many bugs, too many "original" entries, too many new objects and improved "proposals", major change in the buffering mechanism, many new and obsolete transactions not all of which are in SU25 step 2d, etc..
Starting on a clean slate should be considered as a serious option for future sustainability and ease of administration of the role concept.
Cheers,
Julius
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Jun 19 4:27 AM
Bluesky