Solved: SAP security & minimal rights concept

Former Member · ‎08-05-2009

It appears that the "minimal rights" concept does not prevail in SAP, for example if a role contains 2 instances of the same object, one with full authorization and one with restrictions, the instance with full authorization will take precendence over the restricted one. The user would get the most permissive access.

Can anyone confirm that the above is consistent with their findings? I would like to ensure that they're not a setting somewhere where the customer defines their approach, e.g. "least permissive" or "most permissive".

Former Member · ‎08-05-2009

Hi Linda, you are correct in your understanding. The higher authority will override the smaller level of authorisation. There is no maximal/minimal setting that you can toggle.

When minimal rights concept is referred to in a SAP concept (and other ERP's I have found too) the interpretation is generally that of least privilege required to perform a users duties and the subsequent implementation of that technically.

Former Member · ‎08-05-2009

Hi Linda, you are correct in your understanding. The higher authority will override the smaller level of authorisation. There is no maximal/minimal setting that you can toggle.

When minimal rights concept is referred to in a SAP concept (and other ERP's I have found too) the interpretation is generally that of least privilege required to perform a users duties and the subsequent implementation of that technically.

Former Member · ‎08-05-2009

Hello Alex,

Thank you for your response, it was very helpful!

Linda