In role administration, you have the following options for transporting roles:
Role upload loads all role data, including authorization data from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case.
The Mass Transport of Roles screen appears. You can control the default settings for the options Also transport single roles for composite roles and Also transport generated profiles for roles using Customizing switches (see Role Administration Functions in the section Functions of the Utilities Menu).
You should not change the authorizations profiles of the role after you have included the role in a transport request. If you need to change the profiles or generate them for the first time, transport the entire role again afterwards.
If the user assignments are also transported, they will replace the entire user assignment of roles in the target system. To lock a system so that user assignments of roles cannot be imported, enter it in the Customizing table PRGN_CUST using transaction SM30. Add the line USER_REL_IMPORT and the value NO.
If you are using Central User Administration (CUA) with global role assignment, you should not transport the user assignments of a role together with the role. In this case, you can only create user assignments in the central system. You can then send these to the system group that you have defined, if appropriate. If you nevertheless import user assignments for roles into the child systems of the CUA in these circumstances, the central system is not informed about the changes to the user master records. This means that data for the users in the child systems that you have changed in this way is overwritten with the data from the central system during the next distribution. Therefore, the user assignments created locally in the child systems with the role import are deleted.
The role is entered in a Customizing request. Use Transaction SE10 to display this.
The authorization profiles are transported along with the roles, unless the profile parameter transport/systemtype is set in this SAP system to value SAP. In this case, only the profiles whose roles are assigned to customer-relevant delivery classes are transported.
You can also use a Customizing entry to prevent authorization profiles from being transported with the roles. In the transport source system, add the entry PROFILE_TRANSPORT with the value NO in table PRGN_CUST. In this case, you must use transaction SUPC (mass generation) or transaction PFCG (generation of profiles for individual roles) to generate the profiles in the target system after the transport.
You can create perform a user master comparison in the following ways:
In role administration, you can distribute roles on the Menu tab page, as long as the target system has a release status of at least SAP Basis 4.6A.