Former Member

accumulation of rights within roles - SECURITY GAP?

Hi

My user has the following access.

In role A she has P_ORGINCON with the following values (read access):

AUTHC M, R
INFTY 0001, 0002, 0024, 0041, 9010
PERSA *
PERSG *
PERSK * (employee subgroups)
PROFL ZZ_ALL
SUBTY *
VDSK1 *

In role B she has P_ORGIN with the following values (read access):

AUTHC M, R
INFTY 0001, 0002, 0003, 0006, 0007, 0025, 0032, 0034, 0041, 2001, 2002, 2003, 2004, 9010, 9015
PERSA *
PERSG *
PERSK Z0, Z1, Z2, Z8, ZB, ZD, ZE, ZF, ZJ, ZK, ZL, ZM, ZN, ZP
PROFL ZZ_ALL
SUBTY *
VDSK1 *

When she tries to display any infotype NOT included in role A (e.g. IT06), for any subgroup which is NOT in group B (e.g. Z3), she can do it! Security gap!!

Is it because SAP will combine the authorisations, no matter what the individual limitations are?

Thanks for any help. We really need to find a solution for this.

Nadia


1 Answer

  • Posted on Dec 18, 2008 at 11:52 AM

    > Is it because SAP will combine the authorisations, no matter what the individual limitations are?

    That should not happen. I would suggest running a trace while the user accesses one of these 'prohibited' infotypes.

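The rule behind the answer, shown as an added example (this is not code from the original post or from SAP): an SAP authorization check passes only if one single authorization instance matches every checked field; instances coming from different roles are OR-ed, but their field values are never pooled. The role values below are copied from the question; the employee record being displayed (PERSA, PERSG, SUBTY, VDSK1 values) is constructed, and the "merged" function models the accumulation the poster fears purely to show what result it would give.

```python
"""Model of SAP authorization evaluation for one object (added example).

SAP rule: each authorization is an indivisible instance. AUTHORITY-CHECK
succeeds if ONE instance satisfies ALL checked fields (OR across
instances, AND within an instance). Fields of different instances or
different objects are never merged.
"""

ANY = "*"

# Role A: one P_ORGINCON authorization (context-sensitive object), values from the post.
ROLE_A_P_ORGINCON = {
    "AUTHC": {"M", "R"},
    "INFTY": {"0001", "0002", "0024", "0041", "9010"},
    "PERSA": {ANY}, "PERSG": {ANY}, "PERSK": {ANY},
    "PROFL": {"ZZ_ALL"}, "SUBTY": {ANY}, "VDSK1": {ANY},
}

# Role B: one P_ORGIN authorization (general object), values from the post.
ROLE_B_P_ORGIN = {
    "AUTHC": {"M", "R"},
    "INFTY": {"0001", "0002", "0003", "0006", "0007", "0025", "0032", "0034",
              "0041", "2001", "2002", "2003", "2004", "9010", "9015"},
    "PERSA": {ANY}, "PERSG": {ANY},
    "PERSK": {"Z0", "Z1", "Z2", "Z8", "ZB", "ZD", "ZE", "ZF",
              "ZJ", "ZK", "ZL", "ZM", "ZN", "ZP"},
    "SUBTY": {ANY}, "VDSK1": {ANY},
}

# The user's authorization buffer: object name -> list of instances (one per role here).
USER_AUTHS = {
    "P_ORGINCON": [ROLE_A_P_ORGINCON],
    "P_ORGIN": [ROLE_B_P_ORGIN],
}


def instance_matches(auth, checked):
    """True only if this single instance satisfies every checked field."""
    for field, value in checked.items():
        allowed = auth.get(field, set())
        if ANY not in allowed and value not in allowed:
            return False
    return True


def authority_check(user_auths, obj, checked):
    """SAP rule: OR over the object's instances, AND within each instance."""
    return any(instance_matches(a, checked) for a in user_auths.get(obj, []))


def merged_field_check(user_auths, checked):
    """The accumulation the poster fears: pool each field across ALL instances
    of ALL objects, then check the pooled values. NOT how SAP evaluates; it is
    here only to show that such pooling would produce the observed grant."""
    pooled = {}
    for instances in user_auths.values():
        for auth in instances:
            for field, values in auth.items():
                pooled.setdefault(field, set()).update(values)
    return instance_matches(pooled, checked)


# Constructed case from the post: display (AUTHC R) infotype 0006 for an employee
# in subgroup Z3. PERSA/PERSG/SUBTY/VDSK1 values are assumed, not from the post.
DISPLAY_IT0006_Z3 = {"AUTHC": "R", "INFTY": "0006", "PERSK": "Z3",
                     "PERSA": "1000", "PERSG": "1", "SUBTY": "1", "VDSK1": "00000000"}

# Control case: infotype 0002 for subgroup Z0 is fully covered by role B alone.
DISPLAY_IT0002_Z0 = dict(DISPLAY_IT0006_Z3, INFTY="0002", PERSK="Z0")

if __name__ == "__main__":
    print("P_ORGIN    IT0006/Z3:", authority_check(USER_AUTHS, "P_ORGIN", DISPLAY_IT0006_Z3))     # False
    print("P_ORGINCON IT0006/Z3:", authority_check(USER_AUTHS, "P_ORGINCON", DISPLAY_IT0006_Z3))  # False
    print("P_ORGIN    IT0002/Z0:", authority_check(USER_AUTHS, "P_ORGIN", DISPLAY_IT0002_Z0))     # True
    print("pooled     IT0006/Z3:", merged_field_check(USER_AUTHS, DISPLAY_IT0006_Z3))             # True
```

Under the real rule neither role grants IT0006 for subgroup Z3 (role A lacks the infotype, role B lacks the subgroup), so if the user can display it the grant comes from something not visible in the post: a further authorization for the object in her buffer from another role, or the object not being checked at all because of the HR authorization main switches (T77S0, group AUTSW). That is exactly what an authorization trace (transaction ST01) reveals, which is why the answer recommends it.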
