Skip to Content
avatar image
Former Member

mass generation of profiles of customize role in sap

Dear All,

I am unable to generate mass profile for customize roles in SUPC.After pressing Generate button its showing "Choose at least One role".

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

6 Answers

  • avatar image
    Former Member
    May 26, 2010 at 06:40 AM

    Hi Pinaki,

    What are the selections that you have made in SUPC for mass-generation?

    Once you have made the selections in SUPC and pressed on execute, you will get a list of roles.

    You will need to select the profiles in the list , you want to be generated. The one's with " yelow" status are not generated.

    After you have made this selection, you need to press generate.

    Regards,

    Manisha

    Edited by: Manisha Nadir on May 26, 2010 12:11 PM

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Pinaki,

      All the roles with status red do not contain any authorization data in them so how will the profiles be generated. You need to first maintain something in them , then generate the profile. What is the point of generating the profiles if these roles are empty.

      Regards,

      Manisha

  • avatar image
    Former Member
    May 26, 2010 at 08:16 AM

    Hi Pinaki,

    This issue is very common and thats the reason its always advisable to transport the roles from one system to the other instead of using upload/download option. If the number of roles is less then you can use upload/download option.

    Also if you do not want to go with the transport option either then you can try creating a CAT/Ecatt script to mass generate the roles. This will reduce your manual effort. Search for "How to create an Ecatt script" if you want to know the same.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi,

      I think I just forgot the derived roles part . You are right, if the red status is for derived roles, it has to be because of direct upload to the system.

      Thanks and Regards

      Manisha

  • avatar image
    Former Member
    May 26, 2010 at 11:01 AM

    Hi Pinaki

    If you have done a download of roles. Did you take care of the following points while downloading the roles.

    " To prevent inconsistent data, all roles from which this role is derived

    are also downloaded to the file.

    When downloading composite roles, all the single roles contained in the

    composite roles are downloaded as well."

    If yes your roles should not have a red status once uploaded.

    Red status of the roles in trxn SUPC is because of 2 reasons.

    1. Roles does not contain any auth object(Shell role)

    2. One or more org level values of the role is not maintained

    In the second case you need to maintain the org level values in the role before it is generated.

    Hope this helps.

    Thanks.

    Anjan

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 13, 2011 at 05:05 PM

    Hi all,

    Thanks for reply.After doing some rnd i get alternate option.

    Regards,

    Pinaki

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      A brave route is to delete the profiles on mass and then mass regenerate. You can even do this in PROD to improve transport performance, but you must be sure that SU24 is perfect.

      But as mentioned before, you have to be very sure about what is going to happen and who is changing roles, otherwise all hell breaks loose.

      Opening roles in "Edit old status" and then transporting them as a habit in role maintenance is not a good symptom to use this approach - as an example.

      If you have used SU24 and do keep the role proposals intact, then it works very nicely and you can upgrade all your roles in about 1 day - max 1 week.

      If you want to do a lot of checks against historic Excel lists and manual regression testing (with manual / changed authorizations which are divorced from the menus) then you are looking at between 1 month and forever to upgrade the roles...

      For me, the concept of "forever maintenance" means start over from scratch in the design.

      Cheers,

      Julius

      Edited by: Julius Bussche on Apr 29, 2011 12:06 AM

  • avatar image
    Former Member
    Mar 25, 2011 at 04:59 PM

    I've been through this before and it was exactly how Julius mentioned. After an upgrade and got to 2C of SU25 and all my roles were changed. Wanted to mass generate profiles on many but when attempting only received "choose at least one role". Couldnt figure out why I couldnt mass generate so ended up going into each and generating. It was a pain in the arse. Please tell me if anyone figured out way around this exact issue.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      If you ensure that your roles can all be opened in expert mode with merge new before the upgrade, then you can invest time in step 2b such that you know what you want in 2c.

      Then, instead of 2c use SUPC.

      Building bigger and better single roles via menus with carefull su24 proposals does work, and you can complete the security upgrade tasks in about 2 or 3 days for a large system.

      One of my customers has 16 million users in SU01. We upgraded SU25 in 2 days because the roles where all standard authorizations.

      Cheers,

      Julius

  • avatar image
    Former Member
    Nov 13, 2015 at 12:39 PM
    Add comment
    10|10000 characters needed characters exceeded