Authorization Issue with infotype

Former Member · ‎01-25-2009

Dear Guru's,

There are a couple of Customer IT that have been created. For which I have also assigned the authorization. But for some of these Infotypes though the user has no authorization he is able to access it.

Can you guys give me a heads up on what might have gone wrong...

Regards

Vijaya Sankar

jurjen_heeck · ‎01-25-2009

Could there be some ranges in the infotype field(s) in the existing roles? Generally when something unexpected like this happened it shows the disadvantage of ranges.....

Former Member · ‎01-25-2009

It does have few ranges. But any idea how to tackle it???

Regrads,

Vijaya

jurjen_heeck · ‎01-25-2009

> It does have few ranges. But any idea how to tackle it???

I'd talk to the functional guys and investigate which infotypes they really use. If you define those one by one in your roles you'll never have the risk of new infotypes becoming visible or changeable by accident.

Former Member · ‎01-26-2009

Vijay,

You may have already tried this but the first thing that pops into my head is to use SUIM.

Roles -> Roles by authorization values -> plug in P_orgin or P_orgincon (Whichever object you use) -> then under infotype plug in the value of the infotype you DON'T want them to see. Hit execute. Then compare those roles to the access your users have.

Thanks,

Former Member · ‎01-27-2009

Walden is correct.

It's best to remove all ranges by utilizing SUIM and then define each infotype separately. You can always add more later individually if the users require further access. But it will keep you from hunting through ranges to restrict them from anything they may accidentally receive from the range.