Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Excessive Access to Infotypes.

Hi all, greatly appreciate if someone can advice on a situation i encounter.

Setup. I have setup a role with Access to Employee Group 1-3 (excluding 0).

I then assign this role to a User A.

User A tries to access Employee ZZ whereby Employee ZZ has the following records in IT0001 (Org Assignment).

Ascending Order

01.01.1999 to 31.12.2003 (Employee Group = 3)

01.01.2004 to 31.03.2009 (Employee Group = 3)

01.04.2009 to 31.12.9999 (Employee Group = 0)

As you can see, the latest record points to EE group 0, which User A does not have access to.

Now User A tries to access a Customised Infotype 9xxx of this Employee ZZ with the following records;

01.01.2009 to 31.03.2009

01.04.2009 to 31.12.9999

My problem here is that based on IT0001 record, User A should not have access to employee ZZ based on the latest Org Assignment, and therefore should not be able to access IT9xxx of this employee ZZ. However User A is able to access BOTH records.

I then did a test, such that if i remove '3' from the role (meaning it's left with 1-2 EE group access), User A will then be restricted from viewing the record.

Is there any setting i can do to prevent such access? My understanding is that at the very most, User A should see only the earlier record of 9XXX but why is the latest record (01042009 to 31129999) showing as well ?

Baffled about, this. Hope someone can enoighten.

Former Member

Helpful Answer

by
Not what you were looking for? View more on this topic or Ask a question