I have always copied all SAP delivered roles in to my customer namespace and generated them before assigning to users.
After upgrading to EHP1 aka sps20 I see many roles referencing a specific support pack level. My concern is that if I copy a role into my namespace and assign it to users I will not be able to take advantage of role enhancements made as a result of futures support package projects.
In addition to this I have found dealing with composite roles to be very cumbersome if I copy both the composite role and all the roles it references into my namespace. Trying to take advantage of workcenters makes using the sap delivered composite roles very appealing.
Finally my question - How are other SAP customers handing Solution Manager security.