09-04-2010 10:48 AM
Hi All,
Can i able to delete the added authorization object for a particular user.
Eg: One of the end user requested me to add object called B_userst_t. i have added the same to the one of the roles (called AAA) of that user. Later i found the same object is there in one of the roles (BBB), which is assigned to that user too.
Please help me can i able to delete the object from role AAA.
Thanks and Regards
Carthick
09-07-2010 7:22 AM
Hi carthick,
Actually its not recommended to delete authorizations objects..you can just inactivate it.
But as far as your example is concerned....one thing is ambigous that if that object was already there in role(BBB), why that user did not acess to that object since that role(BBB) was already assigned to the user ??
and why he asked for that object again.........these things indicates that either there was no proper assignment of (BBB) to that user or object was previously inactive...otherwise it would have been visible in the menu of that user.
waiting for your reply..
regards,
teamkrishna....
09-04-2010 10:54 AM
Why?
Well built roles should be able to survive on their own as well...
If you added it manually, then set it to inactive first and then delete. Do not do this if it is a standard or maintained auth!
Do you understand why?
Cheers,
Julius
09-04-2010 11:22 AM
Thanks Julius,
Yes, it is a manitained authorization, what i have to do now, if i have to inactive that. please tell how to do that?
Carthick
09-04-2010 12:16 PM
Then do not delete it!
There is nothing wrong with a user having the same aurhorization values twice if each of the roles would need it on their own.
You should only inactivate it (right-click...) if it should not be allowed in the role but some tcode in the menu is pulling it in but actually does not need it...
I would move on to something more important to be honest, such as a training course on why you should not delete authorizations (ADM950).
Cheers,
Julius
09-06-2010 7:31 AM
Hi Julius,
Hope u had a nice week end!!!
thanks for your reply. i will go ahead and simply leave that object. In case if i have to delete that, i will refer to that as you advise.
Long Live
Carthick
09-07-2010 7:22 AM
Hi carthick,
Actually its not recommended to delete authorizations objects..you can just inactivate it.
But as far as your example is concerned....one thing is ambigous that if that object was already there in role(BBB), why that user did not acess to that object since that role(BBB) was already assigned to the user ??
and why he asked for that object again.........these things indicates that either there was no proper assignment of (BBB) to that user or object was previously inactive...otherwise it would have been visible in the menu of that user.
waiting for your reply..
regards,
teamkrishna....
09-07-2010 8:15 AM
Hi Krishna,
thanks for ur reply.
What happened here is, in role BBB we just maintained create, display for that particular object. Actually the user needs delete value too. that's why it showed missing authorization object with values.
I got ur point i have just deactivated the manually added object and maintained the delete value for the existing object.
Thks
Carthick
09-18-2010 11:29 PM
Hi
The point made was that each role should be able to perform independently, if the role you have now inactivated the object in is assigned to multiple users/user groups then other users may experience auth issues further down the line.
If there are two roles (say) both containing the same transaction but with different intentions, then you need to bear this in mind when making changes - one role may be a delete/flag for deletion and the other could just be a create/change/display
09-20-2010 6:46 AM