SAP_ALL Profile and Update Missing Authorization Objects

Create New Role Which Contains SAP_ALL  Authorizations

The profile SAP_ALL used to be a composite profile which contained an application-specific overall profile from every application. 

This leads to a large number of redundancies and thus to a very large SAP_ALL. 

As of Release 3.1G, report RSUSR406 generates a full authorization for all existing objects, combines these (due to technical reasons) into single profiles and in turn puts this into the composite profile SAP_ALL.

If new objects are created or transported into this system after SAP_ALL is generated, an incomplete SAP_ALL can result.

To resolve this issue please do as following:

• Kindly start reports RSUSR406; a complete SAP_ALL is then generated. 
• Please note that this profile is only suitable for superusers; the single profiles in this profile are only required for technical reasons. 

Caution: The executing user needs the authorizations to maintain profiles and authorizations in a profile other than SAP_ALL. The report deletes the authorizations in SAP_ALL and creates them again afterwards. If the executing user only has SAP_ALL, during the runtime of the report he is missing the authorizations to continue.

If you want to generate a reduced SAP_ALL, use the Profile Generator. Or you can use the reference function (Transaction PFCG, Create activity group, do not choose a transaction in the menu but press 'Authorizations'), choose the reference SAP_ALL, Continue and then delete non-required authorizations from the profile, for example, those for user maintenance or those for developers. 

As of Release 4.6A, it is possible to regenerate the profile SAP_ALL cross-client, if it is damaged in several clients of one system. To to this, execute Report AGR_REGENERATE_SAP_ALL.