Replace Transaction MRHR

We are upgardring to ECC6. one of our interfaces uses a "Call transaction" to MRHR. This transaction is not available in ECC6. The SAP recomendation is to use MIRO but we require an external FI document number which MIRO, or function "BAPI_INCOMINGINVOICE_CREATE" will not provide.
Function "BAPI_ACC_INVOICE_RECEIPT_POST" will create a financial document, posting to an external document number, but it does not seenm to clear the invoice againt a purchase order.
Does anyone have any solutions?
Requirements:
Create invoice.
Create FI document with external number
Clear the purchase order against the invoice.
Thanks  Iwan

Hi Iwan,
Were you been able to find the solution ?
I have a similar situation like yours.
Any help will be appreciated.
Regards,
Sanjay

Similar Messages

  • Transaction MRHR and MIRO - Vendor Invoice

    Good morning,
         we have completed the upgrade to 4.7 SAP version (from 4.6c) two weeks ago.
    To register the vendor invoice  for simple “Withholding tax” in 4.6c we used MRHR,
    But in 4.7 this transaction is no longer usable and we are obliged to use MIRO.
    The question is : can we use the simple  “Withholding tax” or  we must to use the extended one ?
    Then, what is necessary to do (in customizing and not) to be able to register the incoming vendor invoices for “Withholding tax” ?
    Thanks a lot in advance.
    Best regards.
    Massimo

    HI Freddy,
    Create a PO with material having price indicator as Moving avg price (V). In the PO select a feight condition and enter the freigh amount. Also enter freight vendor if known.
    Make sure for the freight condition accruals is ticked and the vendor in GR is 2 under control data 2 in tcode M/06. This enables change in the freight vendor while making GR by opening e new tab called Freight at items level.
    Since the material has price indicator V both the price and the freight goes to material accounts only.
    Also if the freight amount is not known exactly enter an app value while creating PO.  Before making the GRN since u receive the bill from forwarder u will know the freight amount for a particular PO and adjust the PO accordingly and do GRN.
    Also if possible advice the material vendor to send a copy of the invoice to the forwarder and the forwarder can send the material and freight bill together to u. Although this change in the business process is difficult discover the ways of achieving it if posssible.
    Also if the frieght amount is not known exactly even after u receive goods enter an app close value in PO,do GRN and then create a subsequent debit or credit for the remaining freight amount once u get the exact freight bill. By this way the remaining amount will go to the material if price indicator is V.
    Thx
    Raja

  • Fuction to replace transaction PREC

    Hi All,
    I am looking for a BAPI or function that can replace the use of transaction PREC.
    Thanks in advance.

    Can you elaborate in what way and most importantly WHY? ...
    TA PREC is the report RPRTEC00, i.e. the main report for the calculation of travel expenses...
    Please clarify what you actually try to accomplish.
    Cheers, Lukas

  • Replacement transaction for AFBD in ECC 6.0

    We upgraded our system from 4.6C to ECC 6.0.  The AFBD tcode was eliminated.  It RE-created a BDC Session for Depreciation Posting Run.  Does anyone know how this may be done differently in ECC 6.0?  Thank you in advance.

    Hi
    for  AFBD
    just refer this Wiki may get some help.
    https://www.sdn.sap.com/irj/scn/wiki?path=/display/erpfi/running%252bdepreciation%252busing%252brabuch00
    Regards
    Abhishek

  • Disable vendor field in MRHR

    Hi experts,
        I would like to make the field "vendor" in transaction MRHR as display only. I have created a screen variant for it in SHD0. I wonder if I need to create a z-tcode to make it effective? If yes, then I need to ask user to use ZMRHR instead of MRHR?
        For sales order, I can assign a screen variant to an order type through configuration. Is there any similar way for this tcode MRHR?
        Points will be awarded for helpful answers. Thanks.

    dear praveen
    You can have the payment program and the dunning program clear customer and vendor open items. You can also select the vendor line items, when you display the customer line items for this account.
    Before you can clear between a customer and vendor account, you must:
    1. Create a customer master record for the vendor that is also a customer.
    2. Enter the vendor account number in the Vendor field in the control section of the general data in the customer master record.
    3. Enter the customer account number in the Customer field in the control section of the general data in the vendor master record.
    4. Click in the box next to the Clrg with vend. field or Clrg with cust. field (this field will appear in the Automatic Components payment transactions section, only after Vendor field in the control section have been keyed) in the company code data in both the customer and vendor master records. In this way, each company code can decide separately whether it wants to clear the customer with the vendor.
    rewards if it helps
    siva

  • How to replace content in text data type?

    How to replace content in text data type? 
    when we sending the mails we are taking content from the database.
    The data is maintained in text data type column. Now i have to replace some of content in mail content
    (text data type column) from database. 
    I tried by using REPLACE function but data is truncated

    The data is maintained in text data type column.
    Hello,
    See REPLACE (Transact-SQL) => "If
    string_expression is not of type varchar(max) or
    nvarchar(max), REPLACE
    truncates the return value at 8,000 Bytes"
    You may should consider to Change the data type from "Text" (deprecated) to NVarChar(max).
    Otherwise you have to use
    UPDATETEXT (Transact-SQL) for the text data type.
    Olaf Helper
    [ Blog] [ Xing] [ MVP]

  • How can I find New or changed Transactions

    Hi all
    We are in process of upgrading from 4.6c to ECC 6.0. We have many roles created in 4.6c. Now we have to find the new transactions in ecc 6.0 as well as those transactions which are changed in ECC 6.0 from 4.6c.
    Thanks in advance.
    Vitthal Prabhu

    after your upgrade, if you get into SU25, you would see the 'information' tab on the top. it explains everything.
    no need to touch 1.and 2a will be taken care by DDIC user during the upgrade. so you have to go through 2b,2c and 2d.
    2b  helps you in comparing the your authority checks with SAP defaults.
    2c helps you in adjusting your roles as per the checks you selected in 2b.
    and 2d helps you in including the replaced transactions.
    since your changes in 2b step decides the roles you have to adjust, obviously you need to go in sequence. and if you just want to take a look not really changing anything you can execute any step at any time (2b,2c, 2d)but when it comes to real work you have to go thru 2b,2c and 2d in sequence.
    when you are doing 2b a workbench request will save your authority check changes. and you need to pull the roles adjusted in 2c and 2d to a transport and push them thru your landscape until production.
    there is a change with ECC6.0 with check indicator status notations.
    until ecc5.0 it used to be U,N, C and C&M but in ecc 6.0 the notation has changed which might confuse you. check with this
    http://help.sap.com/saphelp_erp2005/helpdata/EN/52/67147d439b11d1896f0000e8322d00/frameset.htm.
    ---> check indicators
    regards
    and also look for threads with upgrade info in SDN.
    Message was edited by:
            Keerti Vemulapalli
    Message was edited by:
            Keerti Vemulapalli

  • Open status of Credit Memo after rejecting all line items

    Dear Gurus
    I am facing a problem. In my company we are using 2 credit memo types. One is CR and other ZCR (Copy of CR). I have tried both but both have same problem. I have also tried creating credit memos with reference to billing document, sales document and without reference also but the issue is same.
    Problem is this we create credit memo with VA01 and post it with VF01. After posting if we cancel its posting with VF11 and reject the line items in VA02 the status of credit memo remain open. Cancellation documents are ok and completed but only credit memo in VA02 remain open even after rejecting all line items.
    I have checked incomplete log of sales document type (CR and ZCR) in VOV8 and item types (G2N) in VOV7. All fields which are defined in incompletion log are there in document header and item.
    Following is the copy paste data of Header Status tab
    Overall status       Open
    Rejection status     Everything rejected
    Credit status        Not performed
    Bill.stat.order-rel. Not invoiced
    Overall blkd status  Not blocked
    Header data     Complete                   Item data       All items complete
    Header dlv.data Complete                 Item deliv.data All items complete
    Header bill.dat Complete                   Item bill.data  All items complete
    please help.

    dear sir
    if you mean to say to check Reason for rejection's settings in OVAG i have checked it and all rejection reasons are being in use in all other sales documents too. They are working fine in all other sales document. Issue is only in these two credit memos types.
    Assigned by the System (Internal)
    Delivery date too late
    Poor quality
    Too expensive
    Competitor better
    Guarantee
    Unreasonable request
    Cust.to receive replacement
    Transaction is being checked
    These are reasons and Stat column is empty for all. Other 3 columns have no tick in any reason.

  • XCBL in ABAP without XI or BC

    Hi experts,
    I have a serious problem with interfaces unification. I need to read a xCBL sent by a partner. How to read this xCBL in ABAP?. I understand wich need a XSLT program for transform this xCBL. I don't have the Know.How to create this XSLT, where I can found any information to create the XSLT program and read the xCBL in ABAP?
    Best Regards.

    Depending on your release the process is a little bit different. 
    For NW 2004, see these instructions.
    http://help.sap.com/saphelp_NW04/helpdata/en/bf/d005244e9d1d4d92b2fe7935556b4c/frameset.htm
    For NW 7.0 see these instructions, in NW 7.0, you will, use the SOAMANAGER transaction  to configure logical ports and other stuff, this replaces transaction WSADMIN and LPCONFIG.
    http://help.sap.com/saphelp_nw70/helpdata/EN/bf/d005244e9d1d4d92b2fe7935556b4c/frameset.htm
    Regards,
    Rich Heilman

  • MIGO Screen

    Hi ,
    we have upgraded SAP from 4.7 version to ECC 6.0, also we are using Linux desktop version 4 & GUI 7.10,
    In Transaction code MIGO, Screen is not displaying correctly.
    Could some body suggest a way to sort this issue.
    Regards
    Lalit

    Hi Lalit,
    After the upgrade, have you adjusted the new replaced transactions and maintained the authorizations?
    Normally, you would need to do an security upgrade after upgrading the system. If not you would come across many performance issues.
    Regards,
    Imran

  • Create IR probelm

    Hi All,
    I have some problem on that when i create the IR using transaction MRHR
    error message.
    - Only 0.000 qty Invoice, 0.000 qty Receipt -> 0.000 EA is possible for Good Receipt
    I have some question about:
    if i create 2 IR using 1 invoice to reference
    Can i ?
    Regards,
    Luke

    Hi
    Please check if GR-Based IV is flagged in the PO line item for the error.
    Yes you can post 2 invoices using 1 invoice refernce if you have not activated the check Duplicate invoice for the Vendor & the Company code.
    Thanks & Regards
    Kishore

  • Process to consume a WSDL file in ABAP without using XI

    Hi all,
    I want to know if we can consume a WSDL file in ABAP without using XI?
    I have developed a lot of web services and gave WSDL file to respective teams.
    Now i need to consume a WSDL file in ABAP and i dont know how to do it.For creating a web service i use the web service wizard in SE37.
    Now i need to consume a WSDL file in ABAP . The WSDL file is from a third party organization. how can i consume a WSDL file in ABAP without using XI. What is the process to consume a WSDL file in ABAP without using XI
    Please help me with process and some sample code to consume a WSDL file in ABAP without using XI
    Regards,
    Jessica Sam.

    Depending on your release the process is a little bit different. 
    For NW 2004, see these instructions.
    http://help.sap.com/saphelp_NW04/helpdata/en/bf/d005244e9d1d4d92b2fe7935556b4c/frameset.htm
    For NW 7.0 see these instructions, in NW 7.0, you will, use the SOAMANAGER transaction  to configure logical ports and other stuff, this replaces transaction WSADMIN and LPCONFIG.
    http://help.sap.com/saphelp_nw70/helpdata/EN/bf/d005244e9d1d4d92b2fe7935556b4c/frameset.htm
    Regards,
    Rich Heilman

  • Accumulated Depreciation Balance in AA is not matching with GL account

    Hi Guru's
    The balance of Accu. Depre. in AA is not equal to GL account balance. I ran report for one asset class, it shows Acc. Depre. Balance is 1,20,000 but I wanted to open FBL3N and gave GL account to getting balance is 1,00,000.
    Kindly help me for the incident.
    Thanks,
    MowliT

    Dear MowliT,
    For your trouble, the cause can be many so please refer to information below, it may help you to figure out the solution.
    Critical Factor
    The values in Asset Accounting do not agree with the balances of the general ledger accounts. As possible consequences, the external auditor might not be able to certify the closing, or it may not be possible for the closing to be submitted to tax authorities. 
    Recommendation and Troubleshooting Perform a reconciliation of the values of Asset Accounting with the balances of the general ledger accounts. We recommend the following procedure:
    1. Start report RAABST02. If the report logs differences in table EWUFI_BAL (table FAGLFLEXD if the New G/L functionality is active) , proceed with the following steps. If the report does not find any differences, the general ledger and subsidiary ledger are consistent to each other. 
    2. For the account concerned, compare the last two fiscal years using the account display transaction (FS10N or FAGLB03 in New G/L) in the General Ledger. If the closing balance and opening balance differ, you have to start the balance carryforward program again for the current year.
    3. Create two asset history sheets for the accounts involved using the following parameters:
    u2022     Limiting the account assignment or the asset class in the dynamic  selections 
    u2022     Sort version 0020 
    u2022     Group totals  
    u2022     Report date u2013 fiscal year end of prior year and current year
    u2022     Setting u201CDepreciation postedu201D  If the starting and final value of the asset   history  sheets are different, you should repeat the fiscal year change in asset accounting ( transaction AJRW).
    If the starting and final values are still different after you repeat the fiscal year change, then check to see if there is an asset with a capitalization date but without acquisition data. Follow the procedure outlined in SAP Note 194635.
    4. The asset history sheet for the previous year does not agree within itself when you cross-foot. In this case: 
        a) Start RAABST01 for accounts with line item management.
        b) Start RAABST02 for reports without line item management.
        c) If the balance carryforward is affected, you now have to reset the year-end closing, perform depreciation recalculation, possibly carry out a depreciation posting run, and then run the year-end closing again.
    5. The starting balance values of the current year do not agree with the value of the balance display. There are various possible causes, that then also require different actions on your part.
         a) The difference arose already during the legacy data transfer. In this case, contact SAP Remote Consulting.
         b) Missing line items. To see which line items are involved, see the log of RAABST01 or RAABST02. There are two possible scenarios: 
    u2022     Missing line items during asset acquisition. These can be created easily using report RACORR05. In the case of multiple account assignments, use report RACORR05A. 
    u2022     Missing line items during asset retirement. These can not be created using report RACORR05. In this case, contact SAP R/3 Support, describing the exact parameters of the asset concerned. 
        c) Line items with incorrect acquisition year. This situation is found at times with postings from invoice verification (transactions MRHR or MIGO). For correcting this problem, there are a number of correction reports that are listed in SAP Note 366848. If you are unsure of how to proceed, contact SAP Support. 
        d) Account determinations that have errors or are incomplete can also cause differences, which cause errors during the euro conversion, if not before. For these errors, you should now, at the latest, consider your results from point 2. 
        e) Manual postings to asset balance sheet accounts. In this case, contact SAP Remote Consulting, with the document numbers involved.

  • EL32: Automatic monitoring of meter reading results

    When we updated to ECC6 year ago, the transaction EL32 stopped functioning. We fill in the parameters and no report is generated - nada, zilch, null. 
    Is the transaction not supported in ECC6?  If so, is there a replacement transaction and what is it? El32 had several parameters available. Is any functionality of EL32 available elsewhere in another transaction? What is/are it/they?
    Are we now doomed to code our own programmes to replace EL32's functionalities?
    Thank you to anyone who can help.
    mki

    HI,
    EL32 still runs in ECC6.0 and we  have not doomed to code our own programmes. So cheer up.
    Please check your configurations
    SAP Customizing Implementation Guide -> SAP Utilities -> Device Management -> Meter Reading -> Basic Settings -> Define Automatic Monitoring of Meter Reading Data
    Or the table TE935
    Hope this helps.
    Regards,
    Manish
    Edited by: Manish  Bisht on Jul 9, 2009 10:42 AM

  • Testing general help

    Hi Gurus,
    I am soon going to start testing on an SAP upgrade project. Whats the best way to get myself prepared for the same? I am currently studying the client's Buiness processes, however there are just too many docs and these are getting me confused. Also I am concerned that all this time studying the docs is not wasted. If you have been in a similar situation before, please let me know how do you go about it. testing will be Functional + integration.

    hi dave,
    pls see the below matter i think it gives you a solution.
    SAP R/3
    Security Upgrades
                                                                                    1.             overview
    The purpose of this document is to provide additional information that could be helpful with SAP Security upgrades, especially pertaining to 4.6C.
    This document is not aimed at replacing the SAP Authorizations Made Easy guidebook’s procedures, but rather to complement these based on lessons learnt from previous upgrade projects. 
    It is focused mainly on upgrades from 3.1x to 4.6x and covers the following:
    ·        Evaluation of the Security Upgrade approaches;
    ·        “Gotchas” to watch out for with SAP’s SU25 utility;
    ·        Transactions and authorizations that require special attention; and
    ·        Helpful reports, transactions, hints and tables to know.
    It is highly recommended that you review the chapter on upgrades in the Authorizations Made Easy guide before attempting the security upgrade.
    See OSS note 39267 for information on obtaining the Guide, or visit SAPLabs’ website at: http://wwwtech.saplabs.com/guidebooks/
    2.             Security upgrade objectives, Process and approaches
    2.1.               Objectives
    There are a couple of objectives for having to upgrade the SAP Security infrastructure:
    ·   Converting manual profiles created via SU02 to activity groups, as SAP recommends the use of Profile Generator (PFCG) for the maintenance of profiles;
    ·   Adding new transactions representing additional functionality to the applicable activity groups;
    ·   Adding the replacement transactions that aim at substituting obsolete or old-version transactions, including the new Enjoy transactions;
    ·   Adjusting the new authorization objects that SAP added for the new release; and
    ·   Ensuring that all existing reports, transactions and authorizations still function as expected in the new release of SAP.
    2.2.               Overview of the Security upgrade process
    Once the Development system has been upgraded to 4.6, the security team will need to perform the following steps as part of the Security Upgrade:
    ·        Convert Report Trees to Area Menus;
    ·        Review users (via SU01) to check for any new or changed fields on the user masters;
    ·        Convert manual profiles created via SU02 to Activity Groups (See Approaches below);
    ·        Compare SU24 customer settings  to new SAP default settings (SU25 steps 2A-2C);
    ·        Determine which new / replacement transactions have to be added to which activity groups (SU25 step 2D);
    ·        Transport the newly-filled tables USOBT_C and USOBX_C that contain the SU24 settings you’ve made (SU25 step 3); and
    ·        Remove user assignments to the manual profiles.
    2.3.               Approaches to convert manual profiles to Activity Groups:
    2.3.1.      Approach #1: SAP’s standard utility SU25
    SAP provides an utility for converting Manual Profiles to Activity Groups and to identify the new and replacement transactions that need to be added to each activity group.
    You can access this utility by typing “SU25” in the command box.
    If you do decide to use SU25 Step 6 to convert the Manual profiles to activity groups, you will need to watch out for the following “gotchas”:
    Naming convention (T_500yyyyy_previous name)
    All activity groups created before SU25 is run, are renamed to T_500yyyyy_previous name. 
    See OSS note 156196 for additional information and procedures to rename the activity groups back to their original names using program ZPRGN_COPY_T_RY_ARGS.  Carefully review information regarding the loss of links between profiles and user master records.
    Transaction Ranges
    Ranges of transactions are not always added correctly to the newly-created activity groups. Some of the transactions in the middle of the range are occasionally left off.  E.g. you have a transaction range of VA01 – VA04 for a specific manual profile.  After SU25 conversion, the new Activity Group only contains VA01 and VA04.  Transactions VA02 and VA03 were not added.
    It is important that a complete download of table UST12 is done prior to running SU25.  Once SU25 has been run, a new download of UST12 can be done to identify which transactions have been dropped off.
    The missing transaction codes will need to be added manually to the relevant activity group via PFCG.
    Missed “new” transactions
    The output of one of the steps in SU25 is a list of the new replacement transactions (e.g. Enjoy transactions) that need to be added per activity group.  E.g. transaction ME21N replaces ME21.  The list will identify each activity group that has ME21 where ME21N needs to be added to.
    In some cases SU25 does not identify all new transactions to be added.
    2.3.2.      Approach #2: Manual reconstruction of Profiles as Roles (Activity Groups)
    An alternative approach to SU25 is to manually create an activity group for each manual profile that was created via SU02.
    The advantage of this approach is that you won’t have any missing transactions that were “dropped off” with the SU25 conversion.  
    3.      Items requiring special attention
    3.1.   Authorizations
    Several new authorization objects have been added with release 4.6. Care should be taken when adjusting authorizations – carefully review all new defaults that were brought in. These are indicated by a Yellow or Red traffic light in PFCG.
    It is highly recommended that you first check the previous settings where new defaults were brought in, before just accepting the new defaults.  You can either use the existing 3.1x Production system or the UST12 and/or USOBT_C tables as reference.
    3.2.   ‘*’ in S_TCODE
    It’s recommended that all activity groups containing an ‘*’ in authorization object s_tcode are recreated via PFCG by selecting only those transactions required for that role.  Also, if you did previously add transactions to an activity group by manipulating the s_tcode authorization entries, it is recommended that the transactions are pertinently selected/added on the Menu tab. The object s_tcode should be returned to its ‘Standard’ status.
    3.3.   Report Trees
    Report Trees need to be converted to Area Menus using transaction RTTREE_MIGRATION..
    3.4.   ABAP Query reports
    Reports created by ABAP Query need to be added either to the activity group (Menu tab) or to an Area menu to ensure an authorization check on s_tcode level.
    3.5.   S_RFC
    The use of an authorization object for Remote Function Calls (RFC) was introduced to provide authorization checks for BAPI calls, etc. Authorization object s_rfc provides access based on the Function Group (each RFC belongs to a Function Group). Due to the potential prevalent use of RFC’s within the R/3 system, SAP has provided the ability to change the checks for this object via parameter auth/rfc_authority_check. It is possible to deactivate the checking of this object completely. However it is recommended to rather set the values as required, which makes testing even more important! 
    3.6.   Custom tables and views
    Custom views and tables that are customarily maintained via SM30, SM31,etc. will need to be added to an authorization group.  This can be done via transaction SE54 or SUCU or by maintaining table TDDAT via SM31.
    3.7.   User menus versus SAP menu
    A decision needs to be made once the first system has been upgrade to 4.6x as to whether the user menus or the SAP menu, or both are to be used.
    Most users find the new user menus confusing and unfamiliar due to duplication of transactions, etc. (if a user has more than one activity group and the same transaction appears in several, the transaction will appear multiple times). The majority of upgrades from my experience have opted to use a modified copy of the SAP menu by adding their own area menus (converted report trees).
    3.8.   Re-linking of user master records to profiles
    If you do not maintain the user masters in the same client as the activity groups, you will need to establish a strategy for re-linking the users in the QA and Productive environments when transporting the activity groups as part of the upgrade cutover. This might also be necessary depending on whether you decided to rename the Activity groups per OSS note 156196.
    Remember to thoroughly test and document all procedures and CATT scripts prior to the Production cutover.
    3.9.   Dual-maintenance
    With most current upgrades, the upgrade process will be tested on a separate environment set aside from the existing landscape. In a lot of cases a dual-landscape will be implemented where the existing landscape is complemented with an additional 4.6x test client(s).   The new 4.6x clients usually become part of the permanent landscape once the Production system has been cut over and all changes are then sourced from these ‘new’ Development and/or QA systems.
    It is imperative that all interim security-related changes are applied to both sets of systems to ensure that the ‘new’ 4.6x development source system is current with all changes that were made as part of Production support in the ‘old’ version landscape.  If not, you will have changes that were taken to Production when it was still on the older release, but are now missing after the switch is made to the 4.6x systems.
    It is thus advisable to keep changes during the upgrade project to a minimum.
    3.10. Transport of activity groups
    Changes to activity groups are not automatically recorded in 4.6x. When an activity group needs to be transported, it needs to be explicitly assigned to a change request via PFCG.
    SAP recommends that you first complete all the changes to an activity group, before you assign it to a transport request.   Once you’ve assigned the activity group to a request, do not make any further changes to it.
    You can also do a mass transport of activity groups via PFCG > Environment > Mass Transport.
    If you want to transport the deletion of an activity group, you first have to assign the activity group to a transport request before performing the deletion via PFCG.
    3.11. Client copies
    The profiles used for creating client copies have been changed, especially profile SAP_USER from 4.5 onwards. Activity groups are seen as customizing and the SAP_USER profile copies both user masters and activity groups.
    It’s recommended that the client copy profiles are carefully reviewed before the copy is performed.
    See OSS note 24853 for additional information on client copies.
    3.12. SU24
    Changes to check indicators that were made via SU24 might have to be redone as part of the upgrade.  Ensure that any resulting transport requests are noted and included in the detailed cutover plan.
    Check indicator changes done via SU24 will need to be applied for any new and replacement transactions.
    3.13. Composite Activity Groups
    Composite activity groups can be built in release 4.6x using individual activity groups.  A composite activity group does not contain any authorizations, but is merely a collection of individual activity groups.
    3.14. Central User Administration
    Central User Administration (CUA) simplifies user administration, allowing security administrators to maintain users in a single central client only.  The user masters are then distributed to other clients using ALE.  It is recommended that CUA is implemented post-upgrade and once the systems have been stabilized.  Carefully review OSS notes and the impact on the existing landscape, client copy procedures, etc. prior to implementing CUA.  It is recommended that the upgrade is kept as simple as possible – there are going to be plenty of opportunities to test your problem-solving skills without complicating the setup with new utilities!
    See Authorizations Made Easy guide for information on setting up CUA.
    See OSS notes 333441 and 159885 for additional information.
    4.      additional tips
    4.1.               OSS and Release Notes
    Review all security-related OSS and Release notes related to upgrades and to the release you’ll be upgrading to, prior to the upgrade.  It’s useful to review these before you define your workplan, in case you have to cater for any unforeseen issues or changes.
    4.2.               Workplan
    Given the amount of work and number of steps involved in the security upgrade, it is recommended that a detailed Workplan is defined at the startup of the upgrade project.  Key milestones from the security workplan should be integrated and tracked as part of the overall Upgrade Plan.
    Clear ownership of activities, including conversion of Report Trees, needs to be established.  This function is often perform by the Development team.
    4.3.               Standards and Procedures
    Naming conventions and standard procedures should be established before the manual profiles are reconstructed as activity groups.  Each team member should know how the new activity groups should be named to ensure consistency. Other standard practices for the construction of the activity groups should include:
    ·        Transactions are added via the Menu tab and not by manipulating s_tcode.
    ·        Ideally, no end users should have access to SE38, SA38, SE16 nor SE17. 
    Remember to keep Internal Audit involved where decisions need to be made regarding the segregation of job functions or changes to current authorizations are requested or brought in with new authorization objects / defaults.
    4.4.               Testing
    4.4.1.      Resources for testing
    Enough resources should be allocated to the security upgrade process as each activity group and profile will require work to some degree or the other.  It is important that key users and functional resources are involved in testing the activity groups and that this effort is catered for in the Upgrade Project plan.  Clear ownership of each activity group should be established not only for testing purposes, but also for ongoing support and approval of changes.  Ideally, the ownership and approval of changes should reside with different resources (i.e. the person requesting the addition of a transaction or authorization should not be the same person responsible for approving the request).
    4.4.2.      Test Plan
    The security team should also establish testing objectives (whether each transaction being used in Production should be tested, whether each activity group should be tested with a representative ID, etc.). 
    A detailed test plan should then be established based on the approach, to ensure each person responsible for testing knows what s/he should be testing, what the objective(s) of the test is and how to report the status of each test.  Both positive (user can do his/her job functions) and negative (user can’t perform any unauthorized functions) testing should be performed.
    The Reverse Business Engineering (RBE) tool is very useful in identifying which transactions are actually being using in Production.  This can assist with focusing on which transactions to test.
    The importance of testing all used transactions individually and as part of role-testing cannot be stressed enough.  TEST,TEST,TEST!
    Every menu option, button, icon and available functions for all critical transactions need to be checked and tested.  There are some instances where icons are grayed out or don’t even appear for certain users, due to limited authorizations.  The only way these type of issues can be identified, is through thorough testing.
    4.5.               Issue Management (tracking and resolution)
    Due to the number of users potentially impacted by issues / changes to a single activity group, a perception can quickly be created that the security upgrade was unsuccessful or the cause of many post GoLive issues.
    It is therefore recommended that an issues log is established to track and ensure resolution of issues.  The log should ideally also contain a description of the resolution, to aid with similar problems on other activity groups. 
    This log will be helpful during the entire upgrade process, especially where more than one resource is working the same set of activity groups, so set it up at the beginning of upgrade project!  You can also use this for a ‘lessons learnt’ document for the next upgrade.
    4.6.               Status reporting
    The security upgrade forms an integral part of the overall upgrade given the sensitivity and frustration security issues could cause.  It is important that key milestones for the security upgrade are tracked and reported on to ensure a smooth and on-time cutover.
    4.7.               Detailed cutover plan
    The detailed cutover plan differs from the overall security workplan, in that the detailed plan outlines the exact steps to be taken during each system’s upgrade itself.  This should include:
    ·        Transport request numbers,
    ·        Download of security tables prior to the upgrade, especially UST12, USOBT_C and USOBX_C,
    ·        A backup and restore plan, (e.g. temporary group of activity groups for critical functions),
    ·        The relinking of user master records, with details on any CATT scripts, etc. that might be used,
    ·        User comparison, etc. 
    The security team needs to ensure that enough time is allocated for each action item and that this time is built into the overall cutover plan.   The project manager is usually expected to give an indication to end users and key stakeholders as to when the Productive system will be unavailable during its cutover to the new release.  This downtime should thus incorporate time required to perform user master comparisons, unlocking of ID’s and all other action items.
    4.8.               Project team access
    The SAP_NEW profile can temporarily be assigned to project team members to provide interim access to the new authorization objects. This provides the security team the opportunity to convert and adjust the IS team’s activity groups.  It also eliminates frustration on the functional team’s side when configuring and testing new transactions, etc.
    4.9.               Training and new functionality
    Some support team members (e.g. Help Desk members responsible for reset of user passwords, etc.) might require training and/or documentation on the changed screens of SU01, etc.
    It is recommended that a basic Navigation & Settings training module is created for all SAP users and should cover the use of Favorites, etc.
    The security team should also review Profile Generator in detail, as several new functions have been added (e.g. download/upload of activity groups, etc.).  Remember to review all the different icons, menu options and settings on the authorizations tab, etc.
    Lastly, if your company / project does use HR as related to security (activity groups and users assigned to positions / jobs), ensure that you become acquainted with the new enjoy transactions, e.g. PPOMW.
    4.10.           SU53
    A new function with SU53 is the ability to display another user’s SU53 results.   (Click on the ‘other user’ button and enter the person’s SAP ID).
    4.11.           Post Go-live
    Remember to establish a support roster, including after hours for critical batch processes, to ensure security-related issues are resolved in a timely fashion.
    Dumps should be checked regularly (Objects s_rfc and s_c_funct like making appearances in dumps) for any authorizations-related issues.  Transaction ST22 can be used to review dumps for that day and the previous day.
    Avoid transporting activity groups at peak times, as the generation of activity groups can cause momentarily loss of authorizations.  It’s recommended that a roster for activity group transport and mass user comparison be reviewed with the project manager prior to the upgrade.  Exceptions should be handled on an individual basis and the potential impact identified, based on number and type of users, batch jobs in progress, etc. 
    And, don’t forget to keep on tracking all issues and documenting the resolutions for future reference.
    5.      helpful reports, transactions and tables
    5.1.               Reports and Programs
    ·           RTTREE_MIGRATION: Conversion of Report Trees to Area Menus
    ·           PFCG_TIME_DEPENDENCY: user master comparison (background)
    ·           RSUSR* reports (use SE38 and do a possible-values list for RSUSR* to see all available security reports), including:
    v     RSUSR002 – display users according to complex search criteria
    v     RSUSR010 – Transactions that can be executed by users, with Profile or Authorization
    v     RSUSR070 – Activity groups by complex search criteria
    v     RSUSR100 – Changes made to user masters
    v     RSUSR101 – Changes made to Profiles
    v     RSUSR102 – Changes made to Authorizations
    v     RSUSR200 – Users according to logon date and password change, locked users.
    5.2.               Transactions
    ·           SUIM : various handy reports
    ·           SU10 : Mass user changes
    ·           PFCG: Profile Generator
    ·           PFUD: User master comparison
    ·           SU01: User master maintenance
    ·           ST01: System trace
    ·           ST22: ABAP dumps
    ·           SUCU / SE54: Maintain authorization groups for tables / views
    ·           PPOMW: Enjoy transaction to maintain the HR organizational plan
    ·           PO10: Expert maintenance of Organizational Units and related relationships
    ·           PO13: Expert maintenance of Positions and related relationships
    ·           STAT: System statistics, including which tcodes are being used by which users
    5.3.               Tables
    Table
    Use
    UST12
    Authorizations and Tcodes per Profile
    UST04
    Assignment of users to Profiles
    AGR_USERS
    Assignment of roles to users
    USOBT_C
    Authorizations associated with a transaction
    USR02
    Last logon date, locked ID’s
    AGR_TCODES
    Assignment of roles to Tcodes (4.6 tcodes)
    USH02
    Change history for users (e.g. who last changed users via SU01)
    USH04
    Display history of who made changes to which User Ids
    USR40
    Non-permitted passwords
    i am also providing the url of sap  upgrade guide. pls check it out ok.
    www.thespot4sap.com/upgrade_guide_v2.pdf
    reward me points if it helps you
    thanks
    karthik

Maybe you are looking for