Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from SAPAUSSEC on Aug 13 at 6:33 PM First with PFCG it _never _proposes all necessary values and objects.
It cannot know what company codes plants order types you wish to use as
it will change from site to site. Also some authorisation objects are
optional and require supporting configuration which may not have been
necessary to implement - e,g, authorisation groups.
So it is necessary to investigate and test every transaction in every
role. Then some authorisation checks depend upon the workflows which are
configured for each customer - e.g. is HR being used, are projects
linked to sales or Production planning, what functions in the
controlling module are being used
Finally SAP may propose authorisation objects which are not going to be
needed by an end user and which should not be allocated - they cover
rarely used functionality which needs to be restricted.
Also I think you will find multiple steps in SU25 and the purpose as is
follows:
Step 1 Fill the customer tables with SAP default SAP values (tables
USOBT_C and USOBX_C. This is done the first time on implementation to
fill the tables - ONLY the first time otherwise subsequent customer
changes will be overwritten by a new release.
Step 2 multiple steps as follows which also apply to upgrades:
2A compare new default values after an upgrade
2B Compare transaction check values (from SU24 which may have
changed due to the upgrade or due to earlier customer changes). If you
have made changes to check indicators or field values using SU24 they
are compared to the new SAP default values and reported where a decision
is made whether or not to make any further customer changes.
2C Lists roles to be checked for authorisation changes after an upgrade
2D Display changes transaction codes after an upgrade
Step 3 Transport customer tables
Step 4 Change check indicators in SU24
Step 5 Deactivate authorisation checks globally (SHOULD NOT BE USED)
step 6 Copy Data from old profiles (SHOULD NOT BE USED)
etc
All this needs to be investigated and resolved by the security analyst
| | | ---------------Original Message---------------
From: jack mays
Sent: Wednesday, August 13, 2014 7:10 AM
Subject: Tables USOBT_C & USOBX_C
After you run the SU25 you get what SAP deems as the standard objects for
that transaction. As we all know SAP is to be customized to your company
which is why you will get some failures when you are running transactions.
At that time yes, run ST01 with the user and if needed maintain the SU24
to customize the transaction for your company or find out if the user is
actually jumping to another transaction which happens sometimes.
Just make sure to work with the SME and not a user that is trying out
something new or not following a process correctly because of lack of
information.
Hope that helps. |
| Reply to this email to post your response. __.____._ |   _.____.__ |
