Skip to Content
Former Member
Feb 27, 2012 at 06:28 PM

Investigate - ECC roles for retirement.


I am trying to investigate and find roles that can be retired in the ECC system. How do I come up with a list of roles that are ready for retirement (due to unuse or wrong naming convention, etc,etc)?

What are the questions I should be asking?

I have tried to follow the below approach, but it doesn´t seem to be effective enough:

note- From hereon, when I mention roles, it means Z-Roles only.

Please find the method I used to analysis the issue below:


Requirement: Investigate - ECC roles for retirement.

(Self made points below)

1. Document all roles in ECC, that have never been assigned to any user.

2. Document all the roles in ECC, that do not have any users assigned to

it since atleast one year.

3. Document all the roles in ECC, that are forbidden to be assigned to

any roles.

4. Document all the roles in ECC, that do not follow the standard naming

convention defined by the organisation.

My question - Should I extend this list?



Transactions used extensively during analysis:

SE16 Data browser

SUIM User Information system

S_BCE_68001425 Roles by Complex Criteria

PFCG Role Maintenence

Tables user extensively during analysis:

AGR_AGRS Roles in Composite Roles

AGR_DEFINE Role definition

AGR_USERS Assignment of roles to users

Actions taken, to reach the solution:

1. Single Roles - Without assignment in the last one year ( There has been no user assignment to these roles for atleast one

year and no changes have been done to the role during this time.

These roles are currently without any user assigned to them.

2.Forbidden roles: These roles are not to be assigned to any users and it

can be strongly recommended that they should be retired.

There are currently no user assignement for this roles.

3. Wrong Naming convention : Roles that donot follow the

standard role naming conventions (as defined). These roles should be