Skip to Content
avatar image
Former Member

PFCG - Read from old status and merge with new deletes authorizations

After migrating to Context Based Structural Authorizations using P_ORGINCON and P_ORGXXCON we have observed that when a new transaction is added to a role and the Expert mode is used (Read from old and merge with new) all the P_ORGINCON and P_ORGXXCON objects are deleted and replaced by the a standard new object.

The only note we can find is 679050 but this does not apply to our system as we are on SAP Basis Version 700.

As part of the migration all transactions that used P_ORGIN were updated in su24 to include P_ORGINCON as check maintain. However, we did not set P_ORGIN to 'do not check'.

The HR master switch has been updated with P_ORGINCON turned on and P_ORGIN turned off.

Any help would be appreciated.

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

4 Answers

  • Best Answer
    May 16, 2007 at 04:39 PM

    Hello Ahmad

    The merging process in transaction PFCG is a little tricky. Please check SAP note

    113290 for detailed examples on how this merging process works.

    Regards,

    Désiré

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 17, 2007 at 07:03 AM

    hi,

    it should not happend...

    since read old status & merge with new data.

    the PG compares the old and current data from the role ,this is the best choice if the role has changed. unchanged data is marked as old.

    objects should not get deleted.

    so wait, for couple of days,you might get a better answer

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 17, 2007 at 12:08 PM

    Folks,

    Thank you for your help. I figured it out.

    One the fields in those two objects were converted into an org level assignment and then converted back to a field level. When converting back the field was set as standard default to *. However, all the transactions were updated in su24 with P_ORGINCON and P_ORGXXCON with no default field values. And therefore when PFCG was doing a merge it was finding no transactions with any similar default values and thus it would conclude that which ever transaction had originally brought in the objects was removed and therefore the objects were no longer required - thereby deleting them.

    Ahmad

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 24, 2012 at 07:29 PM

    I am having a similar problem, but the solution Ahmad found doesn't seem to fit me.

    My client is running an upgrade from 4.7 to ECC 6.0. I found that maintained authorizations in 4.7 are removed from the roles in 6.0 when the generator suggests new standard authorizations with different authority. The maintained authorization is not retained (even a display authorization -- and the suggested standard authorization contains display activity and others). It is the same whether I go into change the role in the basic mode or in the Expert mode to "Read old status and merge with new data" -- the new data isn't merging with the old status.... it is removing the old authorization.

    SAP Note 679050 describes my problem perfectly, but my system is on SAP_Basis Release 702. The Note's solution only covers systems up to 640

    I don't like the idea of changing the updated role to manually add every authorization that was removed. Also, I don't like the idea of using Expert mode "Edit old status" because I am concerned that any future change will just throw all the incomplete suggested authorizations into a role again.

    I have been hunting around the site for a solution -- if you know of anything, please let me know.

    Thanks,

    Ed

    Add comment
    10|10000 characters needed characters exceeded