Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Upgrade 46C to ECC 6 0 STEP BY STEP ---Developing

Former Member

‎2008 Aug 27 4:18 PM

0 Likes
5,177

Now the upgrade has reached the "POST Upgrade Steps" which means Its open to the SECURITY ( Authorizations ) to come in.

1. First I have doing the SU25.

Question -->Do I need to run (1) on SU25 .

Answer:NO this is only for IInstallation of PFCG. for upgrading to higher releases only Steps 2 down are needed.

Please correct me if I am wrong or have additional information which you want to share

41 REPLIES 41
Read only

Former Member

‎2011 Mar 04 7:37 PM

0 Likes
2,039

Julius/George,

Maybe I am misunderstanding the whole su24 process. We just implemented SAP CRM, BI and SolMan in our environment, and are just now udpating all clients.

I am in the middle of step C and have about 100 roles that have made been called out for changes (red stop light). My question is as such.

for the basic SAP core roles I am assuming that I will want to let them merge automatically.

For all of my Z roles (my company roles for specified user autherizations) it seems as if I have a few optons.

1. I notice that any autherizations I might have removed from a role for one reason or another, have been added back in it's base form. This I expected from the notes that I have read.

So for that if I do not want any changes made (I want to keep the role as it currently is) do I just deactivate and possibly again remove the unwanted auth that was added during the merge process? I read some on here somewhere that I should just diable and keep it in the role for future upgrades so that I will only truly see the actual new additions and not just the restoration of old removed rights.

2. For those roles that have "updated" it looks like it had both my configured autherization and the same autherization but with updated let's say object names or added object names.

Are these objects new objects in the environment that are needed to maintain current level of user autherization or are these (like my auth_obj exampl) old objects that were removed for security reasons the the upgrade is trying to put them back in.

IF the second is the case then I might not want those objects added back and will just retain my old role standard, but if the former is the case then I will want to allow the change.

I think I have more questions but I don't want to have my brain explode.

Read only

Former Member
In response to Former Member

‎2011 Mar 04 9:54 PM

0 Likes
2,039

SU25 step 2 tasks have a 1:many relationship with the "expert mode" in PFCG.

Well built roles are a prerequisite and for that good training and some experience is a prerequisite .

The key then is to invest some time in step 2b so that you can automate 2c as much as possible.

If your roles are badly built and you accept everything in 2b and then run 2c naively... then the only thing which might help a little bit is that you did not maintain SU24, but you will still create a mess beyond imaginable boundaries ....

Most likely the implementation consultants messed it up from the start and/or the role admin over time did not have any training on PFCG.

Sorry to be the messenger of pessimism.. ;(

Lets see what George and others have to say, however I have not seen George for a while now (this thread is old, but still a good read).

Cheers,

Julius