Hello Experts,

The context specific authorization object doesn't evaluate the

structural profile it is assigned to when more than one structural

authorization is assigned to a user.

Please read the below scenario for issue description as follows:

User ZHR_ACT13 is assigned two roles namely ZHR_HRD and ZHR_DEPT_HEAD.

He is the manager for employee ID 167 and is not the manager of employee ID 17.

Role ZHR_HRD has no read/write authorization for Infotype 6. ZHR_HRD is also assigned to structural authorization ALL which is meant for viewing all the objects with no restriction of any relationship.

Role ZHR_DEPT_HEAD has read authorization for infotypes 6 for only the subordinates i.e. the structural authorization ZDEPT_HEAD of viewing only the subordinates data is assigned to this role. Also this structural authorization ZDEPT_HEAD is assigned to infotype 6 using

authorization object P_ORGINCON.

But now the manager ZHR_ACT13 is able to read infotype 6 data for employee ID 17 who is not his subordinate even though only structural authorization ZDEPT_HEAD is assigned to infotype 6 using P_ORGINCON. We

expect that user ZHR_ACT13 must be able to read infotype 6 data only for employee ID 167 and not for employee ID 17.

Please kindly help resolve this issue.

Thanks & Regards,

Roshan.