Effort Estimation factors:

This Redesign is a separate PROJECT, altogether.

So, this involves, not only time for Role Build, it will involve all the phases of a complete Project, i.e Planning, Design, Build, Test and Go-live.

Time required for Role build

-Business Requirement of roles are Analyzed, which includes discussion with Business Owners

-Role design is done based on Segregation, as per Master-Derived/Individual/Single-Composite Business

-Discussion with Functional Consultants, ABAPers for Security objects and standards.

-Time for Role build on DEV.and Unit, Assembly and UAT testing for each of the roles.

Approx. 1 month is required for 600 roles.

require points, if answered

Hi salman.

I agree with all our friends who have responded, that there is no blanket rule for your requirement.

But : from My observations and from experience :

All said and done. It would take atleast 3-6 months after go live to have stability on the Live production system ESPECIALLY when you do re-design of authorisations and role assignment in any module. And esp Finance modules, if it is for world wide corporations with large user base world wide, you will have a great celebration 24 x 7  !!!

Because, practically many things become impossible to really implement in one go.

It takes time, to really RE-IMPLEMENT SOD and SOX compliance

Also, there could be times, there are always many things which a user might be doing for a very long time Which would get missed. And there could be repeated No authorisation errors. Which would also be part of your re-design and production support. So, depending upon your user base, given enough gaps for all these as well, wherein your testing is almost appropriate, take these time frames also into consideration.

Just my 2 cents

cheers

indu