
SAP security

0 Kudos

Hi, I need to give display access to users, but the role related to tcode1 is given 03 access for the auth object, and there is another role with the same auth object but a different tcode2 with 02 tcode so. Both the roles are assigned to users. What access will users have for the first tcode?

Accepted Solutions (0)

Answers (2)


Colleen
Advisor

Assuming tcode 1 doesn't have subsequent checks beyond the same auth object, the user will have activity 01 and 02 to the tcode.

Authorisation checks do not consider which role grants the access. This situation is a form of cross inheritance - the combination of roles has created additional unintended access.

former_member612251
Participant
0 Kudos

If a user has 01 and 02, it means they will also be able to see (display) it, so you either figure out if this user now has an SOD violation (Segregation of Duties) and remove the 01, 02 role, or leave it be.
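
The cross inheritance described in the first answer, modelled as an added example that is not part of the original thread and is not SAP code. It merges the question's two roles (display 03 for the first tcode, change 02 for the second) into one user buffer and lists the access that exists only because of the combination. The object name `Z_DEMO_OBJ`, the role names and `TCODE1`/`TCODE2` are hypothetical, and as in that answer the transaction is assumed to check nothing beyond this one object.

```python
# Simplified model of authorization evaluation (added example, not SAP code).
# Z_DEMO_OBJ, the role names and TCODE1/TCODE2 are hypothetical. Wildcards,
# value ranges and multi-field authorizations are deliberately left out.

# Each role: transactions it may start (S_TCODE) and ACTVT values per object.
ROLES = {
    "Z_ROLE_DISPLAY": {"tcodes": {"TCODE1"}, "auths": {"Z_DEMO_OBJ": {"03"}}},
    "Z_ROLE_CHANGE": {"tcodes": {"TCODE2"}, "auths": {"Z_DEMO_OBJ": {"02"}}},
}


def user_buffer(assigned):
    """Merge all assigned roles into one buffer; the role of origin is lost."""
    tcodes, auths = set(), {}
    for name in assigned:
        tcodes |= ROLES[name]["tcodes"]
        for obj, actvts in ROLES[name]["auths"].items():
            auths.setdefault(obj, set()).update(actvts)
    return tcodes, auths


def authority_check(buffer, tcode, obj, actvt):
    """Pass if the transaction can be started and the object grants the activity."""
    tcodes, auths = buffer
    return tcode in tcodes and actvt in auths.get(obj, set())


def effective_access(assigned):
    """Every (tcode, object, activity) combination the merged buffer allows."""
    tcodes, auths = user_buffer(assigned)
    return {(t, o, a) for t in tcodes for o, acts in auths.items() for a in acts}


def cross_inherited(assigned):
    """Combinations that no single assigned role grants on its own."""
    alone = set()
    for name in assigned:
        alone |= effective_access([name])
    return effective_access(assigned) - alone


if __name__ == "__main__":
    both = ["Z_ROLE_DISPLAY", "Z_ROLE_CHANGE"]
    buf = user_buffer(both)
    print("change in TCODE1:", authority_check(buf, "TCODE1", "Z_DEMO_OBJ", "02"))
    for combo in sorted(cross_inherited(both)):
        print("unintended:", combo)
```

The combinations returned by `cross_inherited` are the ones to review for an SoD conflict before deciding whether a role has to be removed or redesigned.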