I am having an issue with transaction MEMASSIN. Our BA has a requirement for me to restrict Purchasing Info Records being changed to only specific Plants. They are using MEMASSIN rather than ME11,ME12, and ME13 (which MEMASSIN touches anyway).
I have used SU24 to review M_EINF_EKO, M_EINF_EKG, M_EINF_WRK and I am restricting my Plants via ORG levels in the role, however when the BA tests they can still make changes to inforecords outside the restrictions in Plants they are not supposed to.
The user id does not have any other roles assigned that contain ME11, ME12, MASS, or MEMASSIN. I am unsure as to why they are able to get around the restrictions. However when we only have that single role assigned, it works, so they must be picking up authorizations from another role...
Is it possible that the ORG levels of * in any of the other roles assigned to the user (this user has multiple job functions and 30+ roles assigned) could be causing this?
Any help would be much appreciated.