Hi Avinash,

You'll need to go into each of the 53 roles from where you want to delete the auth.object.

Go to the authorization tab of each of the roles.

Find the auth. object which you want to delete and then look for an icon with a red line next to the traffic light and click on it.This will make the object inactive and the trash icon will then appear beside it.You can then delete the auth. object by clicking on the trash icon.Then save and generate the profile again.After the changes to the individual roles have been made you can mass transport all the 53 roles at once from DEV to other systems in your landscape.

Note:It is never recommended to delete an auth. object from the role this way.If the auth. object is not required then u can just make it inactive.There is no way you can mass delete an auth. object from 53 roles at once unless u r using GRC.

Thanks,

Saby..

I understand that your question is answered, but wanted to add a little comment (although I don't know which type of system you have, nor release nor what the name of this auth object is.... so this is a "shot in the dark":

If your roles have been built in the way SAP intended roles to be built (maintaining roles via the menu), then it might be possible for you to identify which transaction (for example) was the "culprit" to have pulling this object in, even although you did not (or now do not any longer) want it in any role which contains it for that reason.

You should check whether these 53 roles have authorizations generated as "standard" or "maintained" (not "changed", or "manually"). Check that no other role with this authorization is dependent only on this transaction to retain the standard or maintained authorization value (or know this from the documented use case of the transaction).

If sy-subrc = 0 still... go to SU24 and remove the check indicator for the menu transaction(s) causing this authorization to be concluded by leaving "check" only.

Then open each of the 53 roles once only, and select "Read Old, Merge New Data" from the expert menu and regenerate.

Manual authorizations will not be touched.

Changed authorizations will not be touched.

Deactivated authorizations will not be touched.

However any > 54th roles which have this standard authorization only from the above (no longer desirable) transaction and should keep it, will be your (or someone else's)mess to sort out when you upgrade and the lights turn yellow.

If you already have a lot of manuals and changed authorizations, then rather don't do this. It either need to be done properly, or not at all AFAIK (BW folks will be hard to convince...).

A carefull choice of transaction combined with good SU24 data and avoiding manual inserts as much as is possible helps a lot to avoid a mess (and subsequent consequences).

Sorry for the rant, but I could not resist

Cheers,

Julius