Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
Showing results for 
Search instead for 
Did you mean: 

Security Upgrade to ECC 6

Former Member
0 Kudos

Hi All,

We are upgrading the SAP from 4.6c to ECC 6. We have completed the SU25 and modification of roles is DEV system. Now we are moving them to TST system for testing. Can anybody give the checklist before going for testing. This is also required when the changes will be moving to Pro-production and Production. So Please list out the check-List in terms of Security perspective when the system is upgrade to ECC 6.

Thanks in advance for you suggestions.




0 Kudos

Hi Kanakipati.

However i turn this question around I always end up in " What development routines do you have normally?".

Meaning. How did you prepare the tests in your 4.6 system?

So my response would actually be to:

  • Make sure transports are correctly imported.

  • Make sure profiles are generated for the roles

  • Set up test users with roles

  • Test

You should already have developed and made an initial test in the development system that the access is working according the specification.

Other than the development part I can also think of some parameters you need to consider but I would hope they are in the upgrade guide.

example. auth/new_buffering which was introduced in WAS 6.40 (of I remember correctly).

Finally, there are some new features like that the password is now case sensitive and that may cause issues.

Hope the best for your upgrade!


0 Kudos

To add a bit to Fredrik's comments.

MANY things have changed at the table / field level and at the application level there are several new improved features, including reports (adapted for the changes in the tables and security parameters) and some obsolete things which you should no longer use. There are also fields which are release dependent, and generally trying to interpret fields and their values directly from tables has become more hazardous.

Upgrading from 46C to 7.00 would, for auth/new_buffering, only impact the fact that the older values are no longer available. It was introduced in kernel 46D (so 46B) as far as I know, and with a few hickups (2,3) has become '4' => most noticable is that when updating a role and re-generating the profile, the currently logged on users assigned to the role do not have to logoff and on again to have the access.

This was the same before, if the profile was assigned and the profile itself was changed (as opposed to a new profile being assigned).

The password features are important as well, see => /people/sap.user72/blog/2005/10/19/attention-security-administrators-new-password-rules-are-on-their-way and subsequent SAP notes.

For the authorizations part, there is a "sticky" thread at the top of this forum which will give you a start and help with some search terms and names. I recently added an FAQ thread on "upgrades" to it, thanks to Jurjen Heeck.

Hope that helps to get you started,


PS: Please search first, and then ask detailed questions. There are many aspects to security.