
Issue in SAP Security PFCG Merge option

Former Member
0 Kudos

Hi All,

I am facing an issue with the "Read old data and merge with new data" option in PFCG. The issue is described below.

I have created a role in which I added the t-code SU01, and this t-code has the below authorization default values maintained for the object S_USER_SAS.

S_USER_SAS < Standard new>

ACT_GROUP: < EMPTY >

ACTVT : 01,06,022

Class: ABC

Profile: < EMPTY >

Subsystem : < Empty >

This particular object has been added into my newly created role, and I have maintained this object as below.

S_USER_SAS < maintained new >

ACT_GROUP: Z_SD_TEST

ACTVT : 01,06,022

Class: ABC

Profile: *

Subsystem : *

After that I added the t-code SU10, and this t-code has the below authorization default values for S_USER_SAS.

S_USER_SAS

ACT_GROUP: < EMPTY > <Standard new >

ACTVT : 01,06,022

Class: Super

Profile: < EMPTY >

Subsystem : < Empty >

So the above object has been added into my role, and I have maintained the object as below.

S_USER_SAS < maintained new >

ACT_GROUP: Z_MM_TEST

ACTVT : 01,06,022

Class: Super

Profile: *

Subsystem : *

and finally below are the objects which are in my role.

S_USER_SAS<Maintained >--SU10              S_USER_SAS <Maintained>-----SU01

ACT_GROUP: Z_SD_TEST                          ACT_GROUP : Z_MM_TEST

ACTVT : 01,06,022                                      ACTVT : 01,06,22

Class: Super                                              Class: ABC

Profile: *                                                     Profile : *

Subsystem : *                                            Subsystem: *

Now when I remove the t-code SU01, the maintained authorization S_USER_SAS which comes from SU01 is not removed; rather, it shows me the status as below.

S_USER_SAS <maintained New>                        S_USER_SYS  < Maintained Old >

Act_Group: Z_MM_TEST                                      Act_Group:Z_SD_TEST         

ACTVT:01,06,22                                                  Actvt: 01,06,22

Class:ABC                                                          Class: Super

Profile : *                                                             Profile: *

Subsystem:*                                                       Sub System: *

Could you please let me know why this happens? Even after I delete the t-code SU01 from the role menu, the maintained authorization caused by that transaction's authorization default values should be removed, but it is not.

Thanks and Regards,

Nagarjuna Srivatsa.

Accepted Solutions (1)


former_member202471
Participant
0 Kudos

Hello Nagarjuna,

Did you have the opportunity to check note 113290?

Regards,

Felipe Fonseca

Answers (5)


former_member186775
Contributor
0 Kudos

Hi,


Try to delete the tcode from the Menu tab in the respective role.

Check whether, this way, the authorization class as well as the objects relating to that tcode are removed from the 'Change role: authorizations' screen.

Otherwise, the best thing is, in the change role authorizations screen, to go to Utilities --> Settings and checkmark Delete Field contents, and also Technical names if not checkmarked.

Now, try to "Deactivate" by clicking on the Deactivate button beside the Copy or Merge icons.

Mj

Former Member
0 Kudos

Hi Everyone,

I would like to thank each and every one who took the effort to help me find a solution to the issue.

The final solution was: it was SAP standard behavior.

If there is at least one authorization default value whose default values differ from the maintained authorization, but which has at least the same fields filled with default values, then the maintained authorization remains and is given the status "Maintained New". A new Standard authorization is also added.

The change of status from "Maintained Old" to "Maintained New" is designed to make the role administrator aware that he must decide whether the maintained authorization will still be required or not.

EX:

I have created a role in which I added the t-code SU01, and this t-code has the below authorization default values maintained for the object S_USER_SAS.

S_USER_SAS

ACT_GROUP: < EMPTY >

ACTVT : 01,06,022

Class: ABC

Profile: < EMPTY >

Subsystem : < Empty >

This particular object has been added into my newly created role, and I have maintained this object as below.

S_USER_SAS < maintained new >

ACT_GROUP: Z_SD_HOD

ACTVT : 01,06,022

Class: ABC

Profile: *

Subsystem : *

After that I added the t-code SU10, and this t-code has the below authorization default values for S_USER_SAS.

S_USER_SAS

ACT_GROUP: < EMPTY >

ACTVT : 01,06,022

Class: Super

Profile: < EMPTY >

Subsystem : < Empty >


So finally now my role has the below objects.

S_USER_SAS <maintained  from SU01>       S_USER_SYS  < Standard from Su10 >

Act_Group: Z_SD_HOD                                      Act_Group: <Empty>       

ACTVT:01,06,22                                                    Actvt: 01,06,22

Class:ABC                                                             Class: Super

Profile : *                                                                 Profile: <Empty>

Subsystem:*                                                          Sub System: <Empty>

Now if we remove the t-code SU01 from the role, the maintained object corresponding to SU01 will not get removed; rather, when you perform the merge option, you can see the above instances of the S_USER_SAS object.

S_USER_SAS <maintained  NEW from SU01>       S_USER_SYS  < Standard old from Su10 >

Act_Group: Z_SD_HOD                                                 Act_Group: <Empty>       

ACTVT:01,06,22                                                              Actvt: 01,06,22

Class:ABC                                                                      Class: Super

Profile : *                                                                         Profile: <Empty>

Subsystem:*                                                                 Sub System: <Empty>
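As an added illustration that is not part of the original post and is not SAP code: a simplified Python model of the rule as the answer above words it, run on the thread's SU01/SU10 example. The names `Auth`, `merge` and `needs_review` are hypothetical, and the superset test is one reading of "at least the same fields filled with default values".

```python
from dataclasses import dataclass

EMPTY = ""  # stands for the <EMPTY> default shown in the thread

# Constructed authorization defaults for S_USER_SAS, taken from the thread's example.
DEFAULTS = {
    "SU01": {"ACT_GROUP": EMPTY, "ACTVT": "01,06,22", "CLASS": "ABC",
             "PROFILE": EMPTY, "SUBSYSTEM": EMPTY},
    "SU10": {"ACT_GROUP": EMPTY, "ACTVT": "01,06,22", "CLASS": "Super",
             "PROFILE": EMPTY, "SUBSYSTEM": EMPTY},
}

@dataclass
class Auth:
    origin: str          # transaction whose defaults created this instance
    values: dict
    status: str          # "Standard" or "Maintained"
    age: str = "Old"     # "Old" or "New", as shown after a merge

def filled(values):
    """Names of the fields that carry a value."""
    return {f for f, v in values.items() if v != EMPTY}

def merge(menu, auths):
    """Model of 'Read old data and merge with new data' after a menu change."""
    remaining = [DEFAULTS[t] for t in menu]
    merged = []
    for a in auths:
        if a.origin in menu:
            merged.append(Auth(a.origin, a.values, a.status, "Old"))
        elif a.status == "Maintained" and any(
            d != a.values and filled(d) >= filled(DEFAULTS[a.origin])
            for d in remaining
        ):
            # Rule from the post: the maintained instance stays, marked New.
            merged.append(Auth(a.origin, a.values, "Maintained", "New"))
        # Otherwise no remaining default supports the instance and it is dropped.
    return merged

def needs_review(auths):
    """Instances the role administrator must decide to keep or delete."""
    return [a for a in auths if (a.status, a.age) == ("Maintained", "New")]

# The role from the example: SU01's instance maintained, SU10's left Standard.
ROLE = [
    Auth("SU01", {**DEFAULTS["SU01"], "ACT_GROUP": "Z_SD_HOD",
                  "PROFILE": "*", "SUBSYSTEM": "*"}, "Maintained"),
    Auth("SU10", dict(DEFAULTS["SU10"]), "Standard"),
]
```

Calling `needs_review(merge({"SU10"}, ROLE))` returns the Z_SD_HOD instance with its `*` values for Profile and Subsystem, which is the authorization a role review should look at after SU01 leaves the menu.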

Former Member
0 Kudos

Hi

What if you first copy the Standard and then deactivate the original Standard and then maintain the copy? Then, next time expert mode is used, SAP will not introduce a new instance. Well, so long as SU24 has not been changed between generations.

Kind regards

David

Former Member
0 Kudos

Hi Maram

How SAP has made this functionality is explained below:

The above scenario cited by you only happens for Maintained status and not Changed status. It is like when you remove 1 t-code out of the 2 t-codes with the same objects and different values.

The auth object for that t-code will be given New status, and the other instance of the same auth object for the 2nd t-code will be given OLD status.

The auth object will only get removed from PFCG if and only if all the t-codes related to that particular auth object get deleted.

Until that time it just gives the auth instances the status 'NEW'.

Hope this helps and answers your query.

Regards

Pradeep

Former Member
0 Kudos

Are SU01 and SU10 the only transactions you have added to the role or are there others? What does the overview icon next to the object tell you when you click it?

You'll see that the instance is of status NEW, which should be interesting.

Message was edited by: Will Dunkerley - clarity.

Former Member
0 Kudos

Hi Maram

The last maintained auth object will be unchanged, even if any one of the tcodes is removed.

The condition here is that the two tcodes have the same proposed values in SU24.

I repeat: Maintained (you have just added values, but not changed values which are set in SU24).

Thanks

Pavan M