04-21-2009 11:32 AM
I'm in an upgrading proj from 4.6C to 6.0,
Please bear with me. I'm rather new in upgrading projects.
I found that some TXN - OBJ proposal mapping (previously present in 4.6C) is missing in 6.0
I compared all the entries with Check flag = Y in USOBX table of 4.6C and 6.0, and discovered a list of Txn-obj mapping missing after upgrade!
-
E.G
In 4.6C
SAP proposed this objects when XK03 is added to a role
F_KNA1_GEN
F_KNA1_GRP
F_LFA1_AEN
F_LFA1_APP
F_LFA1_BEK
F_LFA1_BUK
F_LFA1_GEN
F_LFA1_GRP
M_LFM1_EKO
In 6.0
SAP proposed this objects when XK03 is added to a role
B_BUPA_RLT
F_LFA1_APP
F_LFA1_BEK
F_LFA1_BUK
F_LFA1_GEN
F_LFA1_GRP
M_LFM1_EKO
-
After comparing, these 3 objects are missing from SAP standard proposal!
F_KNA1_GEN
F_KNA1_GRP
F_LFA1_AEN
Worst of all, the are also removed in customer table USOBX_C and USOBT_C table.
-
My questions are
1) Is there a way to prevent SAP from removing entries from USOBX_C and USOBT_C tables during upgrade? - Is there at least some form of control? It seems that after upgrade to 6.0, USOBX_C and USOBT_C table will have new entries, and missing entries compared to 4.6C.
Any way to list out the expected changes before the system really does the "damage"?
2) Why does SAP remove standard proposal from 4.6C after upgrade?
I can understand adding of new mapping to customer data, but removing existing values from customer data is not nice.
3) Since SAP removed the mapping from USOBX and USOBT, can we assume that the checking of auth object is not required for that particular txn?
My only way to answer this is to scan all ABAP code to check for AUTHORITY-CHECK statements.
Another way is to test every role and then fight the fire.
4) SAP has removed the proposal link between txn vs auth object.
This means when I add txn, e.g XK03 to a role, the 3 objects
F_KNA1_GEN
F_KNA1_GRP
F_LFA1_AEN
system will no longer pull any proposed values to my role.
What happen to existing roles which previously has XK03 and
F_KNA1_GEN
F_KNA1_GRP
F_LFA1_AEN
maintained? Do I need to remove these 3 objects from the roles?
- I did a test , if I select Change Auth Data , the object F_KNA1_GEN is still present in the role.
If I select edit in Expert Mode - Read old status and merge with new data, the object is removed automatically.
It seems dangerous to use Expert Mode, as auth objects might be removed from the role without us
knowing unless we compare BEFORE and AFTER....
04-21-2009 12:24 PM
> After comparing, these 3 objects are missing from SAP standard proposal!
> F_KNA1_GEN
> F_KNA1_GRP
> F_LFA1_AEN
>
> Worst of all, the are also removed in customer table USOBX_C and USOBT_C table.
> -
The proposal comes from these tables so the fact that they're missing there looks fairly normal to me.
>
>
> My questions are
>
> 1) Is there a way to prevent SAP from removing entries from USOBX_C and USOBT_C tables during upgrade? - Is there at least some form of control? It seems that after upgrade to 6.0, USOBX_C and USOBT_C table will have new entries, and missing entries compared to 4.6C.
I would think you'd need to perform step 1 in tr. SU25 to get this result. Can you see who did that and when?
>
> Any way to list out the expected changes before the system really does the "damage"?
Yes, right after the upgrade and before running SU25-step 1 compare USOBT and USOBT_C and USOB_X and USOBX_C.
> 2) Why does SAP remove standard proposal from 4.6C after upgrade?
> I can understand adding of new mapping to customer data, but removing existing values from customer data is not nice.
The customer tables are completely overwritten. This is expected behaviour.
> 3) Since SAP removed the mapping from USOBX and USOBT, can we assume that the checking of auth object is not required for that particular txn?
You can start with assumptions but I would test it.
> 4) SAP has removed the proposal link between txn vs auth object.
> This means when I add txn, e.g XK03 to a role, the 3 objects
> F_KNA1_GEN
> F_KNA1_GRP
> F_LFA1_AEN
> system will no longer pull any proposed values to my role.
>
> What happen to existing roles which previously has XK03 and
> F_KNA1_GEN
> F_KNA1_GRP
> F_LFA1_AEN
> maintained? Do I need to remove these 3 objects from the roles?
Not necessarily, unless they would damage your authorization concept by providing too wide authorizations for another tcode in this users' roles.
>
> - I did a test , if I select Change Auth Data , the object F_KNA1_GEN is still present in the role.
> If I select edit in Expert Mode - Read old status and merge with new data, the object is removed automatically.
This is also expected behaviour. With this option SAP checks the proposals for all transactions present in the role menu. Only objects that were entered in the same 'automatic' way into the role earlier and which are still in the customer tables remain unaltered.
>
> It seems dangerous to use Expert Mode, as auth objects might be removed from the role without us
> knowing unless we compare BEFORE and AFTER....
This is one of the dangers of upgrading a system.
[SAP Help|http://help.sap.com/saphelp_nw2004s/helpdata/EN/e3/3b9e583bc311d5b3cb0050dae02d7c/frameset.htm] has a lot of info on the subject.
Also George G filled a nice thread: about his experiences during a similar upgrade.
05-04-2009 5:17 PM
Dominick - Please let me know if you found any solution.
I observed that USOBT_C entries (in Old system) that have "x" in MODIFIED column has transfered to Upgraded system. Others were not transferred.