We are in a utilities (Electiricity) project and as per project demands We need to do mass creation and changes of Security roles which would be approx 29,000 roles where we need to maintain the business area or RSG's so that for example, Revenue Accountant of RSG- A will not able to see/modify or create RSG- B.
There are around 490 RSG's (business areas) divided into 5 zones( viz:West, Central ,North, Border, South). Initially we have created 58 roles for 1 RSG with the t-codes recieved from respective departments and handed over to the team for testing and maintaining, the Authorization issues as and when occured duting testing.
Now our concern is:
1. Is that really, a need of creation of these many security roles?
2. How can we reduce such a large number of roles, maintainence of which would be a huge task after go live? if yes, what should be the strategy and further planning to adopt and go with it?
3. How can we automcate these role creation, if need to create, so that the business area will be maintained in such a manner, that RSG A will not have any type of access of RSG-B?