Role Assignment does not get distributed from CUA
I create user and role in CUA client.
There is no error in role generation.
When I try to find my role in SU01 by pressing F4 of my role (Y*), system give me message role not found. But that's not my biggest problem.
I can assign my role by typing manually.
My biggest problem is only SAP ID get distributed into target system, not the role assignment.
So in the target system I can see my user id without role assign to it.
I checked my user id from SCUL. User and profile does not contain any error message in target client.
I tried with transaction RSCCUSND, still my user id does not contain role.
I checked my SCUM transaction, profiles and roles has Global settings.
Does someone can give me a clue why this happens and how to solve this issue.
Martin Voros replied
yes, the role has to be defined in the child system. It's not possible to define roles in one centralized system. For example you have ERP and CRM systems in your landscape. Both systems share some basic authorization objects which are part of NetWeaver platform (e.g. S_TCODE) but each system have application specific authorization objects. Therefore it would be really hard to create a role in ERP for CRM where you don't have definition for any specific authorization objects. ERP also misses any SU24 records for CRM applications.
The step mentioned by Jurjen just copies role names with description into central system.
The purpose is really simple. You can centrally manage your users. You can create a user in cetnral system and distribute it into child systems with proper role assignment in each system (e.g. ERP roles in ERP system and CRM roles in CRM system).