How to Remove duplicate roles

Most of sap users have duplicate roles in sap.using this ABAP report we can find and remove duplicate roles .duplicate roles nothing but  if user  has a same roles with different validity period

COMPRESS SAME ROLES WHICH HAVE DIFF VALIDITY

Do you know why this is happening?

Whenever user  complains that no authorization for particular access which had earlier means that transactions related role expired for that user.

Most of user admins instead of extending validity of role,again assign  that  role with new start and end date.This  occurs mostly multiple assigned composite roles.

Is just because of a user admin mistake?   yes it is

PRGN_COMPRESS_TIMES is a standard ABAP report available within your SAP system(I'd say use this  report  if you're not working with Central User Administration)it compresses same roles which are assigned and make it as a single role by taking the start date and end date into calculation(Consider least start date and highest end date)

Have a look on this picture i am sure you get a idea on compression

 

still confusion....

look at screes shots.

Here x user has Z_ROLE_A role by different valid from and valid to dates

Go to SA38/SE38

Enter PRGN_COMPRESS_TIMES

Click on Execute/F8





You can enter either role or user names, other wise leave blank.Here I am searching for customized roles.you can find end of this scree shot simulation run option.Tick the check box and execute then the result list shows you the before compression status.simulation run for only test run.

Back to the screen uncheck simulation run and execute.Then all duplicate roles will be removed from the users automatically.

TIP: To avoid this ,Before assign a role to a user, should check if the role is already assigned to the user or not.
hope you get it.

Friends... if you have  doubts on any topic of security ,feel free to ask.so i will post on that topic in this site.