0001819126
DESCRIPTION
HiTRANSCRIPT
-
SAP Note
Header Data
Symptom
The runtime until the release of a mass request of roles with profile data takes several hours.
Other Terms
Role maintenance, profile generator, export, performance
Reason and Prerequisites
This is a follow-on error of the corrections in SAP Note 1614407. There are two causes for this:
l The sequence of the table keys for the generated profile data in the table E071K is not suitable, which means that a time-consuming sorting must be executed during the release process.
l The piece list of a role transport contains both current and obsolete generated profile data in order to not only update valid profiles and authorizations in the target system, but also to delete obsolete data by transport. Depending on the length of the change history for the generated profiles of the roles to be transported, the piece list of the tables USR12, UST12 and USR13 may be significantly longer compared to the old transport function. This is particularly valid for the table USR13 (authorization texts) because the number of obsolete authorizations that are added to the piece list is always multiplied with the number of the used languages.
Solution
Use transaction SNOTE to implement the correction instructions or import the Support Package into the source system of the role transports.
General information
This solution contains three measures that reduce the release duration from several hours to a few minutes:
1. The largest time saving results from the optimized sorting of the table keys (table E071K) for the generated profile data.
2. For the tables USR11 (profile texts) and USR13 (authorization texts), only the current entries are still included. The texts of obsolete profiles and authorizations are not taken into account.
3. You can use the new Customizing switch REC_OBSOLETE_AUTHS to set whether obsolete profiles and authorizations (tables USR10, UST10S, USR12, UST12) are added to the piece list. If you want to exclude the obsolete data, you have to enter the switch REC_OBSOLETE_AUTHS with the value NO into the table PRGN_CUST. If the switch is not maintained or if it is set to a value other than NO, obsolete profiles and authorizations are taken into account.
Note that the setting REC_OBSOLETE_AUTHS = NO minimizes the piece list on the one hand, and this minimizes the time for the transport release. On the other hand, obsolete profile data cannot be automatically deleted by import into the target system, and the security risk described in SAP Note 1614407, symptom 1b, occurs again. If you use REC_OBSOLETE_AUTHS = NO, you should immediately execute transaction PFUD (report RHAUTUPD_NEW) with the "Cleanups" option in the target system, particularly after mass transports. Otherwise, obsolete authorizations remain effective for the users assigned to the imported roles. If you do not use the switch, you do not have to perform a cleanup directly after role imports because obsolete entries can remain only in the tables USR11 and USR13 in the target system. However, these do not pose a security risk and can be deleted later.Run the cleanup in the background to delete obsolete USR11 and USR13 entries, because the text tables are ignored in dialog mode to avoid runtime problems (see SAP Note 978595).
1819126 - Long runtime for role transport release
Version 9 Validity: 27.01.2015 - active Language English
Released On 27.01.2015 15:06:02 By Andreas Leitheusser (D036362)
Release Status Released for Customer
Component BC-SEC-AUT-PFC ABAP Authorization and Role Administration
Priority Correction with high priority
Responsible Andreas Leitheusser ( D036362 )
Processor Andreas Leitheusser ( D036362 )
Category Program error
Relevant for Translation Yes
-
Validity
Correction Instructions
Causes - Side Effects
Support Packages & Patches
Software Component From Rel. To Rel. And Subsequent
SAP_BASIS 46C 46C
620 640
700 702
710 730
731 731
740 740
Implementation test
Overall result: Partially Performed show details Implementation test
Correction Instructions
Software Component Valid from Valid to Ref.Corr Modif. Status Last changed by Last changed on Last changed at Number
SAP_BASIS 46C 46C Y9CK067532 Released Andreas Leitheusser 22.08.2013 07:47 1653021
SAP_BASIS 620 640 Y6DK103037 Released Andreas Leitheusser 22.08.2013 07:32 1652711
SAP_BASIS 700 731 Y7AK142592 Released Andreas Leitheusser 21.08.2013 15:32 1652627
SAP_BASIS 740 740 Y4HK005387 Released Andreas Leitheusser 21.08.2013 15:35 1652709Manual activity required before/after installation with SNOTE
Manual Activities
Software Component Valid from Valid to Ref.Corr Type of Correction Status Last changed by Last changed on Last changed at Number
The table does not contain any entries
Notes / Patches corrected with this note
Note Reason From Version To Version Note Solution Version Support Package
1614407 0 0 1819126 4
1750568 0 0 1819126 5
The following SAP Notes correct this Note / Patch
Note Reason From Version To Version Note Solution Version Support Package
The table does not contain any entries
Support Packages
Software Component Release Support Package
SAP_BASIS 46C SAPKB46C66
620 SAPKB62074
640 SAPKB64032
700 SAPKB70030
701 SAPKB70115
702 SAPKB70215
710 SAPKB71018
711 SAPKB71113
720 SAPKB72008
730 SAPKB73011
731 SAPKB73110
740 SAPKB74005