We are implementing an ERP eCommerce solution and can access the user management engine from http://domain:port/isauseradm/useradmin/init.do from where we create new B2B users. However, we find that there is a "Customizing" hyperlink on the top right hand corner that takes one to a set of tabs / screens wherein one can customize the users to be created. On the "Authorization" tab, one can set the roles that users may have when new users are being created. Herein lies a security risk - the five role fields are free form input fields where one can enter roles which are not meant to be used - for example 'SAP_ALL'. Is there a way to limit the roles that can be selected to a select few by way of a dropdown box ? Or is there a BAdI that can verify the roles that are entered ?