Transfer of legacy authorization objects

In the past, AEB provided authorization objects in the Z namespace, as there was no possibility for using other namespaces. Depending on when and how you first installed AEB components in your SAP systems, you're using these Z-objects in your authorization roles. In November 2025, AEB was informed about difficulties in SAP S/4HANA migrations related to these authorization objects which could result in their deletion. This is critical, because the maintained authorization roles will become invalid.

Your SAP system is affected by this change if you have authorization objects in the system starting with ZAEB*. (Check via transaction SU21). The difficulties mentioned above occur when upgrading from ERP ECC to S/4HANA or when upgrading your S/4HANA system to a new release,e.g. from 2020 to 2025.

You have the following options to proceed:

• Keep the existing authorization objects from AEB and prevent any changes to the existing roles. (option A and B)
• Switch to the new authorization objects and change the existing roles (opion C)

Option A Execute a report to analyze which of your roles are concerned. Contact the AEB support with that information to transfer the concerned Z-authorization objects to a new package.

or

Option B Perform a manual transfer of the authorization objects.

or

Option C Switch to new authorization objects and change the existing roles. Delete the old authorization objects.

Select your next step accordingly in the following "What's next" - section: