08-05-2009 7:19 PM
It appears that the "minimal rights" concept does not prevail in SAP, for example if a role contains 2 instances of the same object, one with full authorization and one with restrictions, the instance with full authorization will take precendence over the restricted one. The user would get the most permissive access.
Can anyone confirm that the above is consistent with their findings? I would like to ensure that they're not a setting somewhere where the customer defines their approach, e.g. "least permissive" or "most permissive".
08-05-2009 7:24 PM
Hi Linda, you are correct in your understanding. The higher authority will override the smaller level of authorisation. There is no maximal/minimal setting that you can toggle.
When minimal rights concept is referred to in a SAP concept (and other ERP's I have found too) the interpretation is generally that of least privilege required to perform a users duties and the subsequent implementation of that technically.
08-05-2009 7:24 PM
Hi Linda, you are correct in your understanding. The higher authority will override the smaller level of authorisation. There is no maximal/minimal setting that you can toggle.
When minimal rights concept is referred to in a SAP concept (and other ERP's I have found too) the interpretation is generally that of least privilege required to perform a users duties and the subsequent implementation of that technically.
08-05-2009 7:28 PM