We are going to upgrade to EH6 and I have few queries related to security.
1. All the documentation and forum post related to upgrade suggest, that the su25 security activities begin during the "EHP6 post upgrade" phase. I wish to know whether is there anything that the security team should plan or take action before the upgrade process. (Like backing up tables, comparing su22 and su24, etc).
2. I am new to this organization and this is my first upgrade project. I found that there are lot of authorization objects added manually in SAP roles by previous consultants(not reflected in su24). So now during the upgrade, what will be the consequences of it. Is there any step that I can take up now or during the su25 upgrade cycle to fix it so the authorization values which are manually added doesnt get overwrite.
3. How to know whether the su24 data is modified for which roles or we are using the SAP standard authorization values as originally provided via su22. I doubt whether the su24 is modified for any role.
Please excuse as I know these are beginner questions, but I want to clear all the doubts so I can avoid users complaining later of missing authorizations in Production system.