cancel
Showing results for 
Search instead for 
Did you mean: 

Should SAP delivered composite roles be copied into customer namespace

Former Member
0 Kudos

I have always copied all SAP delivered roles in to my customer namespace and generated them before assigning to users.

After upgrading to EHP1 aka sps20 I see many roles referencing a specific support pack level. My concern is that if I copy a role into my namespace and assign it to users I will not be able to take advantage of role enhancements made as a result of futures support package projects.

In addition to this I have found dealing with composite roles to be very cumbersome if I copy both the composite role and all the roles it references into my namespace. Trying to take advantage of workcenters makes using the sap delivered composite roles very appealing.

Finally my question - How are other SAP customers handing Solution Manager security.

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

> I will not be able to take advantage of role enhancements made as a result of futures support package projects.

You should be able to do this in transaction SU25, if SAP delivers the required information about the menu and the changing proposals with the SP.

Please see [SAP Note 991377|https://service.sap.com/sap/support/notes/991377] and the documentation on transaction SU25 for more infos.

> In addition to this I have found dealing with composite roles to be very cumbersome...

You are not alone in this. The main problem is that the menu can become divorced from the real authorizations and grow appart over time. Additionally, you will sooner or later end up with the same authorization assigned to the user a multiple of times. It only takes one of them to make a little mistake and all other composites and users assigned are impacted.

But, if you use them in a disciplined way and a good design, then it is a lesser evil.

> Finally my question - How are other SAP customers handing Solution Manager security.

Yearly SP patch cycle, except for special SNOTE type exceptions, so once a year the roles are all sent through the test cycle.

I try to catch as many changes using SU25 and checking SAP Notes in advance to make the testing easier, but it is not bulletproof.

Cheers,

Julius