Solved: Deleting Authorization Object

Former Member · ‎09-04-2010

Hi All,

Can i able to delete the added authorization object for a particular user.

Eg: One of the end user requested me to add object called B_userst_t. i have added the same to the one of the roles (called AAA) of that user. Later i found the same object is there in one of the roles (BBB), which is assigned to that user too.

Please help me can i able to delete the object from role AAA.

Thanks and Regards

Carthick

Former Member · ‎09-07-2010

Hi carthick,

Actually its not recommended to delete authorizations objects..you can just inactivate it.

But as far as your example is concerned....one thing is ambigous that if that object was already there in role(BBB), why that user did not acess to that object since that role(BBB) was already assigned to the user ??

and why he asked for that object again.........these things indicates that either there was no proper assignment of (BBB) to that user or object was previously inactive...otherwise it would have been visible in the menu of that user.

waiting for your reply..

regards,

teamkrishna....

Former Member · ‎09-04-2010

Why?

Well built roles should be able to survive on their own as well...

If you added it manually, then set it to inactive first and then delete. Do not do this if it is a standard or maintained auth!

Do you understand why?

Cheers,

Julius

Former Member · ‎09-04-2010

Thanks Julius,

Yes, it is a manitained authorization, what i have to do now, if i have to inactive that. please tell how to do that?

Carthick

Former Member · ‎09-04-2010

Then do not delete it!

There is nothing wrong with a user having the same aurhorization values twice if each of the roles would need it on their own.

You should only inactivate it (right-click...) if it should not be allowed in the role but some tcode in the menu is pulling it in but actually does not need it...

I would move on to something more important to be honest, such as a training course on why you should not delete authorizations (ADM950).

Cheers,

Julius

Former Member · ‎09-06-2010

Hi Julius,

Hope u had a nice week end!!!

thanks for your reply. i will go ahead and simply leave that object. In case if i have to delete that, i will refer to that as you advise.

Long Live

Carthick

Former Member · ‎09-07-2010

Hi carthick,

Actually its not recommended to delete authorizations objects..you can just inactivate it.

But as far as your example is concerned....one thing is ambigous that if that object was already there in role(BBB), why that user did not acess to that object since that role(BBB) was already assigned to the user ??

and why he asked for that object again.........these things indicates that either there was no proper assignment of (BBB) to that user or object was previously inactive...otherwise it would have been visible in the menu of that user.

waiting for your reply..

regards,

teamkrishna....

Former Member · ‎09-07-2010

Hi Krishna,

thanks for ur reply.

What happened here is, in role BBB we just maintained create, display for that particular object. Actually the user needs delete value too. that's why it showed missing authorization object with values.

I got ur point i have just deactivated the manually added object and maintained the delete value for the existing object.

Thks

Carthick

Former Member · ‎09-18-2010

Hi

The point made was that each role should be able to perform independently, if the role you have now inactivated the object in is assigned to multiple users/user groups then other users may experience auth issues further down the line.

If there are two roles (say) both containing the same transaction but with different intentions, then you need to bear this in mind when making changes - one role may be a delete/flag for deletion and the other could just be a create/change/display

Former Member · ‎09-20-2010

Thanks David