Skip to Content
avatar image
Former Member

Authorization object conflicts in a user profile

We have a requirement where we need  to maintain  different values of the same authorization object in two different roles for the same user.

The requirement is for a user to have  ability to display  all views but to be able to change only type (V).

For example we have roles as below.

Role 1 : Z:_MM02

Auth Object : M_MATE_STA



Role 2 : Z:_MM_DISPLAY

Auth Object : M_MATE_STA



So when we are assigning Role 1 and Role 2 to user A the restriction on first role is getting bypassed, means the user

is able to go to MM02 to change any views. How to handle situations like this ? Any thoughts or inputs would be appreciated.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Oct 30, 2015 at 03:01 PM

    Hi, are you sure that the user isn't getting this from somewhere else?

    Role 1 + Role 2 will (in your example) give display/03 all and change/02 only V, the authorisations will not combine to give change/02 for *.  That is not how the authorisation concept (in ECC) works. 

    Add comment
    10|10000 characters needed characters exceeded