Skip to Content

When you should execute SU25

Whenever SAP delivers an upgrade or enhancement, the authorization defaults are significantly changed.

To transfer the new/updated authorization defaults from the SAP area (SU22) to the Customer area (SU24) you have to run steps 2a and 2b in SU25. With step 3 you can forward your updated default values to the other systems to get the right behavior in all following systems.

Step 2c in SU25 tries to find the roles which are affected by the change of the defaults. If you are in time pressure regarding your project and you are not able to check and update all roles you must not run that step.

Whenever you change a role regarding the menu, the comparison with the defaults will be done.

You’re encouraged to review the following FAQ-notes regarding that topic:

1539556 – FAQ | Administration of authorization default values

727536 – FAQ | Using customer-specific organizational levels in PFCG

419933 – FAQ | Maintaining change documents in user management

Hopefully this information will be helpful.

You must be Logged on to comment or reply to a post.
  • Hi Felipe,

    I see what you're doing. Which is good 😛

    Just one little advise: If you invested some more time into the contributions and make it something more than just a pointer to OSS notes, you will be loved and praised since not many blog on Security. Right now it is more in the direction "My dear diary, my favorite OSS notes are...". No offense, I am joking.

    The point is that people who know what they don't know go actively looking for OSS or and they don't need these pointers. People who don't have a clue won't go reading OSS even if you point them there (or they implemented it wrong etc.).

    If your contributions had a story going from A to B, I would find it far more fun to read and would happily recommend it to my contacts.

    Keep going, we need to build more awareness about security!

    Cheers Otto

    • Hi Otto!

      Thanks for your comments, I'm kinda green in all this blog stuff, so it's great to receive some feedback. I'll try follow a different approach in my next contributions to make it more interesting.

      Cheers, Felipe.

      • On a positive note I have never seen this "knowledge base articles" before stumbling upon yours. I am curious where this all takes us, maybe it is a new trend/ invention at SAP? Anyway, keep going, I meant well, I swear.

        cheers Otto

        • Yeah, actually KBAs are not quite a novelty, but SAP has split notes into corrections (still delivered by notes) and KBAs (how-to's and explanations on system standard behaviors, usually written by people from Support, and not Development).

          Cheers, Felipe.