Hello Security Gurus,
I've run through SU25 post EHP7 implementation and have found the following inconsistencies within my roles now that i cannot find any info on in other posts, forgive me if the information is already out there.
Issue #1: In our ECC system, we have a number of Transactions with S_RFC as a checked object in this form:
ACTVT: 16
RFC_NAME:
RFC_TYPE:
Leaving the RFC_NAME and RFC_TYPE blank so we can adjust in PFCG in read and merge mode. After the upgrade, when I read and merge, I lose all entries we 'maintained' for S_RFC object. Does anyone know if this object no longer allows maintenance in PFCG and what the reasons for this may be? Is there a workaround to keep it as is in the old system?
Issue #2: We have 2 Transactions: RBDAPP01 & RSEOUT00, which in our original ECC system brought in objects: S_DEVELOP, S_DATASET AND S_PROGRAM. However, in the upgraded EHP7, when I do a read and merge, I lose all those values. When I look in USOBT_C in the original system, I DO NOT see the objects S_DEVELOP, S_DATASET AND S_PROGRAM, but they are indeed listed in PFCG.
My question is: If SU24 does NOT contain a check for an authorization object, is there any other way that object can be automatically added in PFCG in the Expert Mode for Profile Generation - Read old status and merge with new data? Images below are to illustrate this issue:
In PFCG after doing a Read and Merge:
In USOBT_C, as you can see S_DATASET isn't associated to RBDAPP01:
Thanks for your time,
Chris