Hi Arpan

Is it 314 or 312? Anyhoo - seems like a teaser question

Hi Arpan

There are only few uses at Europe continent level rather than specific country level eg : Germany, Poland , France etc

Currently for each country we have 80 roles, so that mean for 3 country the role will be 240 and if for example is Czech Ruplic, then extra 80 roles can be assigned.

so that mean if more country are on SAP, then users can be assigned role for new country( plant.company code etc )

Damdoar

Hi,

As the other guys have said, 312 profiles is the limit. If you are finding that some users are hitting the profile limit then it is a high chance that your technical design is not suitable for the purpose it was intended.

Hi Arpan

So the limit is on profile , not on roles, for eg : one role may have one or more profile , the naming convention for profile is standard for eg (T-D1764263) - Users are gettingg 500 transcaton from 80 role assignment.

Damodar

That is correct, the profile is the limiting factor due to the field length of the relevant table field.

Hi Arpan

3748/12 = 312

I hold my hand up and admit I 'know' the limit is 312 but I don't know why

Please may I ask what the 3748/12 refers to?

Many thanks

David

A profile name is 12 characters long and the USR04 field can fit 312 of them into one record before the lights go out.

However... table USREFUS has a field REFUSER also has a length of 12 char yet you can fit another 312 profiles into it...

So the actual limit is 624 profiles.

Technically there is NO LIMIT to the number of roles as some roles might contain only menus or UME mappings or personalization keys. It is only when PFCG noticed that the assigned profiles have reached the limit that it throws an error.

Other UI's for role assignment (such as some tools out there...) do not respect and react to this limitation and let you run into the problems as if it were your own fault.

If a the average user needs more than max 10 roles you should anyway start rethinking / optimizing your authorization concept IMO.

Cheers,

Julius

Hi Martin,

I support Arpan with the following calculation:

1. Profile technical name length = 12.

2. Table USR04 (holding User's profile assignment) has two keys: Client(MANDT) and Userid(BNAME)- This means there can be only one record per user ID for profiles assignment.

3. Length of the field (PROFS) holding the profiles names assigned to user is 3750 characters.

4. However, the first two characters in the field is reserved for denoting if the record is a created or Modified and that leaves us with only 3748 characters to contain actual profile names.

5. Hence maximum number of profile names that can be accomodated in that field is 3748/12 = 312.33 ( rounded off to 312).

Also, value in field NRPRO is always= No. of profiles assigned (as per UST04) *12 + 2

Cheers!

Sandipan

Total Questions:  6 " (6 unresolved)  

This happens often when the discussion is not only interesting but also goes "Whhooosshhhhhhhhhh!!!!" as it passes over the head of the original OP. Sometimes they return later to post a comment such as:

I don't have access to OSS so tell me is there a limit or is there not a limit? Please explain step by step

Chin up and stiff lip. This is the internet which is [a series of tubes|http://en.wikipedia.org/wiki/Series_of_tubes] although some treat it like a big truck... :-).

Cheers,

Julius

dump... enormous amounts of material... which delay your message...

That and interview questions is what we have the Test&Playground forum for.

Should have seen it coming earlier though...

Cheers,

Julius