Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security related changes due to SP and EHP upgrades

Go to solution
sdipanjan
Active Contributor

‎10-20-2011 2:46 AM

0 Kudos

Dear Gurus,

I was trying to look for the information for finding out security related changes i(Auth Objects, Transaction Codes, Auth Proposals for TCodes etc.) due to SP level change or EHP upgrade. Couldn't find out proper source or information to find it in SAP system (like PRGN_CORR2, TOBJVOR, TOBJVORDAT etc.) or in any SAP Notes.

Can you please help in this regard or share your thoughts. My motive is to find out the impact analysis (at least in high level) before going for actual upgrade on these as per the requirement came across. Many thanks in advance.

regards,

Dipanjan

1 ACCEPTED SOLUTION

Go to solution
mvoros
Active Contributor

‎10-20-2011 7:03 AM

0 Kudos

Hi,

after you perform upgrade you still have to run SU25. This transaction will give you a list of changes. In case of enhancement packs there is an impact analysis tools that tells you which roles need to be checked when you activate new functionality delivered by enhancement pack.

Cheers

6 REPLIES 6

Go to solution
mvoros
Active Contributor

‎10-20-2011 7:03 AM

0 Kudos

Hi,

after you perform upgrade you still have to run SU25. This transaction will give you a list of changes. In case of enhancement packs there is an impact analysis tools that tells you which roles need to be checked when you activate new functionality delivered by enhancement pack.

Cheers

Go to solution
sdipanjan
Active Contributor
In response to mvoros

‎10-20-2011 7:31 AM

0 Kudos

Hi Martin,

Thanks for your time and thought. Actually I am looking for some per-delivered information on this so that we can see what are the Objects going to be affected after doing the upgrade. I mean, before applying next level of SP or EHP in the system I want to know what are things going to delivered with these. Hope I am explaining properly the requirement. Else, please let me know.

regards,

Dipanjan

Go to solution
mvoros
Active Contributor
In response to mvoros

‎10-20-2011 11:18 PM

0 Kudos

Hi,

I don't think there is anything like that. So if you have infrastructure then you can copy development environment, apply SP and then check what will be changed. Other benefit will be that whole team can train on sandbox.

Cheers

Go to solution
Former Member
In response to mvoros

‎10-28-2011 12:55 PM

0 Kudos

Excuse me for scuffling in late to the party,

Panaya is offering precisely such a tool. I was looking for exactly the same thing, since we plan to implement EHP1-5 in one landscape soon. They are offering that tools as an SaaS (as they do with all their tools), so you don't have to install anything. Just run one abap that is creating/transferring the file to their site, where they will generate the Tickets for every item found (in all of the usual suspect categories from repository to roles).

Check out their website at panayainc.com.

Go to solution
Former Member

‎10-20-2011 11:28 PM

0 Kudos

In the development and QAS system you can "buy time" via SAP_NEW. Delete it before the upgrade so that it only contains new objects.

Then take a look at table [TCODE_MOD|https://wiki.sdn.sap.com/wiki/display/Security/BestPractices-HowtofindTCodeschangedafterupgraderegarding+SU24-data] after the upgrade (not sure abot the spelling, but there is a wiki by Bernhar about it).

It will tell you which tcodes are affected before you process Su35 step 2s. It will tell you which roles (AGR_TCODE and AGR_BUFFI) are affected. In this way you can estaimate the impact.

I built a tool with a colleague which computes the whole lot for me and simulates the "read old and merge new" deficiencies before the upgrade and compares them to the same after the upgrade.

Often the result tells you that it is best to start over again (particularly if the upgrade results have little impact on the roles....).

Release upgrades are a great opportunity to start over again and use menus.

Cheers,

Julius

ps: PRGN_CORR2 is very unreliable. Ignore step 2D as well.

Edit to add correct URL to the wiki.

Go to solution
arpan_paik
Active Contributor

‎10-31-2011 11:32 AM

0 Kudos

As to read data from table TCODE_MOD you have to run SU25 Step2a, so pressume that this is done. With the list of impacted txn you will get the list of impacted objects from table USOBT_CD and USOBX_CD (here only do not check will be relevant). However if you do not have choice to run Step 2a as of now. Then you might refer to some internal upgraded system to have a high level view.

Regards,

Arpan Paik