Hi Bernhard,

I could not understand the solution you provides. Please tell me the answer in descriptive way.

Thanks,

Sudip

Bernhard is suggesting that you use the forum search for your query. You may also want to include search term USR04.

Alternatively you can get the info from the following link before this thread is moved to the test forum:

http://lmgtfy.com/?q=Maximumrolesassignmentperuser+SAP

>

> nevertheless he will need to redesign his concept, because including the single roles into composites won't reduce the number of assigned profiles which in fact builds the assignement limit. I read such suggestions quite often in the past, but I can't see the advantage regarding max. number of assigned profiles... Do you?
> thx, Bernhard

If someone can convince me that it's a good idea to increase the max number then I will eat Julius' hat - the one that he hasn't eaten yet!

If someone can convince me that it's a good idea to increase the max number then I will eat Julius' hat - the one that he hasn't eaten yet! 

I'm fairly certain Julius still owes me a hat too

But it was a basic thread which seems to have been an interview question which vaguely related to our 19th Century 4.6C steam driven system and back porting...but I don't think the OP ever replied in the end so maybe that doesn't count!

Cheers

David

An auditor once had the task to audit a system of "mine" and ended up going for speculation about improvement possibilities in his presentation to the CIO (who was originally an ABAP developer when he started in the company!)

<blabla>The overall security of the roles could be improved by using composite roles to reduce the number of roles (okay... you can use "personalization" attached to composites...) and therefore profiles assigned to the users. This will (apparently) make maintenance easier (I think he wanted to derive the composites?) and produce less SoD conflicts requiring mitigating controls, thereby avoiding long debates with the auditors each time.</blabla>

I let him walk into that one on his own steam... the resultant discussion was like a Montypython scene, or possibly even Blackadder...

Cheers,

Julius

ps: Regarding [my hat|http://www.google.ch/imgres?imgurl=http://www.chocolates-ala-carte.com/look/news/candy_mag_feb07/c_i_hat.jpg&imgrefurl=http://www.chocolates-ala-carte.com/look/news/candy_mag_feb07/index.html&usg=__m6YWntia9g543IgeOxZBu_JYSSw=&h=361&w=458&sz=137&hl=de&start=0&zoom=1&tbnid=GQ3eRe-oXx12_M:&tbnh=135&tbnw=172&ei=WkltTc_-Aoa6vwOflpm5BA&prev=/images%3Fq%3Dchocolate%2BAND%2Bhat%26um%3D1%26hl%3Dde%26rlz%3D1R2ADSA_deCH392%26biw%3D1259%26bih%3D544%26tbs%3Disch:1&um=1&itbs=1&iact=hc&vpx=126&vpy=74&dur=9750&hovh=199&hovw=253&tx=143&ty=108&oei=WkltTc_-Aoa6vwOflpm5BA&page=1&ndsp=21&ved=1t:429,r:0,s:0]: easter is around the corner.

pps:

If someone can convince me that it's a good idea to increase the max number then I will eat Julius' hat

Actually I can smell blood in the water here via object K_REPO_CCA...

Edited by: Julius Bussche on Mar 1, 2011 8:40 PM

 Montypython scene, or possibly even Blackadder... 

We are the Knights of Ni !

Amazing how we can always use a Montypython sketch

You were lucky, in my day we had to create profiles without PFCG, our security manager would come home at night and kill our transports and make us lick our profiles clean and then kill us...and we were greatfull...

Edited by: David Berry on Mar 1, 2011 8:32 PM

>

> 

If someone can convince me that it's a good idea to increase the max number then I will eat Julius' hat

> Actually I can smell blood in the water here via object K_REPO_CCA...  
> 
> Edited by: Julius Bussche on Mar 1, 2011 8:40 PM

It's still generally the same root cause issue.....

Sometimes the concept of company plant combination roles sounds strange but may be necessary - the naming convention can cause confusion but derived roles can help (I hate them) but I think are better than sets of singles

Edit - related org levels need to be considered but that should be a given

Edited by: David Berry on Mar 2, 2011 12:06 AM

Thanks guys. I have resolved my issue of m own.

The solution is-

Few users working for one perticular company code like 1000. So, here I have no issue. I created one derived role and maintained 1000 in the CC org value and naming convention of the role I maintained like Z:ROLENAME_1000.

But, few users working for 22 CC, So I created one more derived and maintained all the 22 CC in the org value.

And naming convention I maintained here is Z:ROLENAME_9999. Here 9999 refers to the users who work for 22 CC.

So, instead of assigning diferent derived roles for all 22 CC and assigned him only one role.

Thanks once again for replying to my thread

Sudip