on 04-16-2020 8:36 PM
Hi, i need to give display access to users but the role related tcode1 is given 03 access for auth object and there is another role with same auth object but different tcode2 with 02 tcode so. Both the rolesare assigned to users what access will users have for first tcode
Assuming tcode 1 doesn't have subsequent checks beyond the same auth object, the user will have activity 01 and 02 to the tcode.
authorisation check do not consider which role grants the access. This situation is a form of cross inheritance - the combination of roles has created additional unintended access
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If a user has 01 and 02, it means they will also be able to see (display) it..so you either figure out if this user now has an SOD violation (Segregation of Duties) and remove the 01,02 role, or leave it be.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
7 | |
6 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 | |
2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.