We are putting up a project plan for security role redesign. Today we have the master derived role concept. We have restrictions on both org levels and non org levels. We have derived roles out of sync and a lot of maintenance overhead. We have a couple of other roles designs with the companies we acquired and integrated. The management really wanted to standardize business processes and we want to propose role redesign with the same. We were planning on going with the enabler type role design as today we have a lot of org values and the number of roles to modify when a new org is created is very high. This made us think of the enabler type roles. Can you please help us go the right way with this approach.Wanted to get an idea of the do's and dont's with this approach . I have read a few threads on this and got a mixed responses. It would be really helpful if we can have specific drawbacks and advantages of enabler type role design. We are going with self implementation.
Thanks in advance for all the responses.