This is a big question and require more information to answer. Security module directly impacts end users ability to perform job functions. I would not take this lightly. You do not want to break something which is already working for end users.
Taking step back, I guess the question that needs to be answered is that "why are you doing this exercise?" If you are doing this because the administration cost of current Security function is too high, just to let you know, consolidating roles and PLs is just one piece of it. There are many other ways as well to streamline Security and save on Administration cost. Since you are thinking of redoing Security, I would do deeper assessment of current Security model, Identify issues and areas of improvemement. Once you have that then you are in a better position to estimate effort.
But if you are consolidating Roles and PLs only, the actual effort depends on number of roles you currently have and the approach you take for consolidation.
There are 2 ways of getting to it:
Top down approach - where you sit down with Functional team and design Roles from Scrach. This is more costly. You will do this if your Roles are really bad and they do not match with Job functions at all.
Bottom up approach - This is where you look at the roles that go together and start consolidating them. An expert, who is familar with Security, can give you the initial consolidation templates fairly quickly. The step where it slows down is How to deal with outliers.
Regarless of the approach, you need to alocate effort for:
- Communicating the Impact (if any) to the end user community. You don't want to surprise them because that could get really costly.
Note: Row security in HR is a huge deal. You will have to consider that in equation as well.
For your question on Hardcoded roles, I am not sure if you are using Delivered roles or you have your own roles. Some of the delivered ones are Hardcoded. And if you are using your own roles then Tech team should know if they have hardcoded any of those roles somewhere or not.
Let me know if you need more information.
- Jarmanjit Singh
Thanks for the detailed input. Administration cost is driving this effort. I will take this back to our management to get more details.