When we want to propose a new Security Framework, should we change the way that SAP works? I mean, we have master roles and derived ones, but I have worked at one client that doesn't follow (at all) this manner of role design.
As far as I know, we should design task roles, split them by task, and group the transactions related to those tasks into what we call a position.
The composite role is the position role, and the task roles, oriented to the business, are master-derived.
Why is it so common that we see this broken? I mean, we are not able to push the master role to the derived children, because we are going to delete authorizations that were customized inside the child role.
And what do you think are the risks linked to having a model that doesn't follow this kind of framework at all?
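
Added example, not part of the original post: a Python check that compares each derived role with its master on non-organizational fields and lists the values a push from the master would overwrite. The row layout, the role names and the set of organizational-level fields are constructed assumptions, not an SAP export format.

```python
from collections import defaultdict

# Assumption: fields maintained per derived role (organizational levels).
ORG_FIELDS = {"BUKRS", "WERKS"}

# Constructed sample: derived role -> master role.
PARENTS = {"Z_AP_CLERK_1000": "Z_AP_CLERK_M", "Z_AP_CLERK_2000": "Z_AP_CLERK_M"}

# Constructed sample rows: (role, authorization object, field, value).
ROWS = [
    ("Z_AP_CLERK_M", "F_BKPF_BUK", "ACTVT", "01"),
    ("Z_AP_CLERK_M", "F_BKPF_BUK", "ACTVT", "03"),
    ("Z_AP_CLERK_M", "F_BKPF_BUK", "BUKRS", "$BUKRS"),
    ("Z_AP_CLERK_1000", "F_BKPF_BUK", "ACTVT", "01"),
    ("Z_AP_CLERK_1000", "F_BKPF_BUK", "ACTVT", "03"),
    ("Z_AP_CLERK_1000", "F_BKPF_BUK", "BUKRS", "1000"),
    ("Z_AP_CLERK_2000", "F_BKPF_BUK", "ACTVT", "01"),
    ("Z_AP_CLERK_2000", "F_BKPF_BUK", "ACTVT", "02"),  # customized in the child
    ("Z_AP_CLERK_2000", "F_BKPF_BUK", "BUKRS", "2000"),
    ("Z_AP_CLERK_2000", "S_TCODE", "TCD", "FB02"),      # customized in the child
]

def non_org_values(rows, org_fields):
    """Collect (object, field, value) per role, skipping org-level fields."""
    by_role = defaultdict(set)
    for role, obj, field, value in rows:
        if field not in org_fields:
            by_role[role].add((obj, field, value))
    return by_role

def find_drift(rows, parents, org_fields=ORG_FIELDS):
    """Return derived roles whose non-org values differ from their master."""
    values = non_org_values(rows, org_fields)
    drift = {}
    for child, master in parents.items():
        only_child = sorted(values[child] - values[master])
        only_master = sorted(values[master] - values[child])
        if only_child or only_master:
            drift[child] = {"lost_on_push": only_child,
                            "restored_on_push": only_master}
    return drift

if __name__ == "__main__":
    for role, diff in find_drift(ROWS, PARENTS).items():
        print(role, diff)
```

Roles that appear in the result have been edited directly in the child; each `lost_on_push` entry is an authorization that should be reviewed and either moved into the master or into a separate role before the master is pushed.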