Hi all,

We are in the process of upgrading our BPC system from 7.5 to 10.0 (CPMBPC 801 SP9), and are trying to define the future strategy for maintaining user security for BPC10.0, given that we use CUA on our BW/BPC systems.

We have read sapnote 0001757825 - BPC security supporting CUA, and have some general questions about the BPC generated roles ZBPC__BUI_userid

1. What is this role used for, and do we need to give it to all our BPC users?.

2. We have noticed that these ZBPC__BUI_roles have been generated for existing users after running the 7.5 to 10 migration program. However when we add new users to an environment via BPC web client, there is no ZBPC__BUI role generated for that user. When and how does this ZBPC__BUI role get generated?

3. What is the recommended approach for assigning this role to users in Test and Production systems? Should it be transported from Development, or should it be generated in target systems?

4. Does the name of the role have to include the user ID, because it seems bad practice to name a security role after a user from a maintenance point of view?

5. If required, can we assign a generic dummy role called ZBPC__BUI_DUMMY to all BPC users?

Thanks,

Carlton