Scenario:
Users having access to 2 companies access with the same TCODE in 2 different roles where one for display and one for modification.
Role A with TCODE: FS00, Object: F_SKA1_KTP, Activity: 02, 08 Value: *
Role B with TCODE: FS00, Object: F_SKA1_KTP, Activity: 03, Value: TGGA, TGRP
You have removed the TCODE: FS00 in Role A and expect user will only able to perform display feature only with Role B but end-up the user still manage to perform display and modification features on the 2 relevant companies which happen to be unexpected authorization / conflict.
Reason:
Even TCODE been removed from the role menu or S_TCODE object value in the single role but the customize object value still remain in it and causing the authorization conflict to be appear.
Role A: object "F_SKA1_KTP" for display only
Role B: object "F_SKA1_KTP"
Solution:
1) Be-careful when removing TCODE from roles to ensure all overlap object value are remove completely.
2) To create a customize object (require some ABAP programming .. sample solution will be post soon ... )
No comments:
Post a Comment