Today I tried to use the Master privilege feature.
I used a system where InitialLoads for ABAP, Portal and LDAP had already been run and assigned Master privileges to these 3 repositories (all policies set to wait)
I also added a No master task which simply assigns the missing privilege.
In my case the Master privileges were SAP_BC_ENDUSER (ABAP), IDM-Dummy-Group (AD) and eu_core-Role (Portal).
I then created a new MX_PERSON without any permissions in the WebUI and (in a second step) added a Role which containes privileges from all 3 systems.
In the Job Log there was no trace of any of the Master-Privilege-Tasks and the provisioning went as always.
I searched SAP Notes, Forum and Blogs, found the Schema-document and a Guide about Roles & Privileges which basically explain the principle of Master privileges. It looks as if it is not too complicated and does not require any more configuration than in the repository-privilege-tab.
Any help and findings appreciated.