I understand what you are saying;
However, practically, this means then that all users in our QAS and DEV environment would have to be assigned different roles than in PRD; as we use a trusted RFC from our CRM system to our ERP system, to display quotes, so all our users hold the trusted RFC object S_RFCACL.
Is that not extremely cumbersome?
And we use composite roles, so if I have to create separate roles for S_RFCACL for each system, I would also have to create separate composite roles ???, as the S_RFCACL is included in a single role.
The thing is that I do not see how I can pratically work with separate S_RFCACL for each system ...
I do appreciate your further suggestions.