U.12 - Impacted Profiles and Authorizations

During an SAP installation, a table named USOBT is created, which contains SAP’s standard for associating authorization objects with SAP transactions. This table controls the authorization checks made by ABAP objects.

During an upgrade, customers must perform a step which copies their existing profiles from the Source system to the Target system, adjusting any differences that the new USOBT table may contain.

  • There may be new authorization objects not currently associated with ‘Source’ transactions, that are required for the new ‘Target’ transactions.

  • Authorization objects that are checked in the Source system may have been removed from the Target system.

After the copying step has taken place, all of the changed profiles on the Target system must be adjusted to meet the customer’s security standard. This usually involves significant effort, and must be given serious consideration when estimating the time and resources required for the upgrade.

The U.12 - Impacted Profiles and Authorizations workflow extracts the profiles from the specified Source and Target systems, and performs a comparison of the used transactions and associated objects enabled by each of the profiles, excluding any universal or derived roles. The results are stored in a Table dataset which provides data for the Security Dashboard report and Excel spreadsheet.

Creating RFC Destinations

Before you begin, you will need to create RFC Destinations for each of the SAP systems you wish to compare, and for the system from which to retrieve performance history data.

In the LiveCompare hierarchy, select the RFC Destination from which to retrieve performance history data, and click the PHD tab. Enter a value (n) in the ‘Keep this many months of data:’ field, and click ‘Update Data’ to download the most recent <n> months of performance history data. You may also specify a schedule so that the available performance history data is downloaded at regular intervals. See the Retrieving Performance History Data help topic for details.

Preparing the Workflow

To prepare the U.12 - Impacted Profiles and Authorizations workflow, log in as a LiveCompare Editor and drag its workflow template from the Templates folder into your own workspace. Then modify the workflow as follows:

To specify the Current or As-Is system:

  1. Select the System 1 parameter and choose ‘Edit RFC Destination’ from its context menu to display the RFC Destination dialog.

  2. Select the RFC Destination for the system to analyze, then click ‘Save’.

To specify the New or To-Be system:

  1. Select the System 2 parameter and choose ‘Edit RFC Destination’ from its context menu to display the RFC Destination dialog.

  2. Select the RFC Destination for the system to analyze, then click ‘Save’.

To specify the system from which to retrieve performance history data:

  1. Select the System 3 parameter and choose ‘Edit RFC Destination’ from its context menu to display the RFC Destination dialog.

  2. Select the appropriate RFC Destination, then click ‘Save’.

Save the workflow using the ‘Save’ toolbar button.

Running the Workflow

To run the U.12 - Impacted Profiles and Authorizations workflow, click the 'Run' toolbar button, choose ‘Run Now’ from the diagram’s context menu, or press F5. The currently running workflow action is marked with an animated display. When the workflow execution has completed, select the Impacted Profiles and Authorizations dataset and choose ‘View Details’ from the context menu to display the table contents. This table is returned to the Run Complete Analysis workflow, and provides data for the Security Dashboard report and Excel spreadsheet.