you can also use the actual version of report PRGN_COMPRESS_TIMES.

Unfortunately the developement of a CUA-enabled version is not finished yet. But in a standalone system it works fine.

b.rgds, Bernhard

Hi Tison,

Q1: 2 reasons:

a) organisatoric question: a user may have his roles form different tasks he fulfills in his organisation.

For instance (ok I know it is a cheap example...) a FI-superuser has authorization through role FI-SUPERUSER all the time. Additionally he gets this role assigned a second time as supervisor as he is member of the year end project from december 1st to december 31st.

For the user admin it might be easier to assign this second assignement to all members of the supervisor group,(and removing it again by 1.1.) than check first each user, if he has already this role and except them form that assignement.

b) second reason - the historic one.

Maybe you are too young, but there have been times, when no change logs existed for role assignements. Only profile assignements have been logged.

It was not possible to check, in which intervals in the past a user had a role assigned. Only a look into SU01 (resp agr_users) gave that information (if the admin had not deleted the expired assignements).

Q2: removal.

please have a look at the solution of [SAP Note 312943|https://service.sap.com/sap/support/notes/312943] -->point 2.

I think that is a good source to explain, what happens in SU10 with multiple assignements.

Once again: there is the report PRGN_COMPRESS_TIMES to merge such multiple assignements.

b.rgds, Bernhard

Hi,

no news from SAP.

Also in the next release, which is developed right now, CUA is supported....

b.rgds, Bernhard