Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Resultant user authorization of t-codes with a common Auth. Object

Former Member

‎09-09-2014 8:17 AM

0 Kudos

Hi,

I'm re-posting this question because the first time it was rejected and according to the Rules of Engagement, it seems it's because I did not post my photo, however, dear Moderator, if for any other reason, I mean not to be indecent, kindly let me know if there's anything violating the content rules.

I'm trying to control access to t-code AS02 using Asset Views (Auth. Object A_A_VIEW), so while looking around I noticed that this Object A_A_VIEW is present in other t-codes/roles assigned to some users.

My question is (pardon my basic terminology), if a I create a role that has a t-code with certain authorization values defined in its Authorization Objects, and assigned it to a user that has those Authorization Objects in his profile but from totally different t-codes in different roles, will the most explicit/resultant authorization take precedence in all the t-codes? or will the t-codes be accessed as per the authorization provided in their respective roles?

2 REPLIES 2

Colleen
Advisor
Advisor

‎09-09-2014 8:37 AM

0 Kudos

Hi  Saleh

Lack of photo would not have been the reason.

Is SAP security your background? What do you know of generated profiles, user buffer and the concept of cross-inheritance (or cross-talk)?

If you are asking if a user has Transaction AS02 from one role and A_A_VIEW from another would they be authorised or not then that is a basic question (fundamental of SAP authorisation concept). Basic questions are not allowed in SCN as you can obtain the answer via searching, sap help and basic training.

If you are trying to understand some specifics of the A_A_VIEW authorisation that the SAP Help (and also IMG configuration for Asset Views) did not provide then you might need to clarify your question.

Regards

Colleen

Ps - I did alert the moderator to your question as I thought it was basic question relating to the SAP authorisation concept that is covered in SAP help, Google and the ADM940 training course.

Bernhard_SAP
Advisor
Advisor

‎09-09-2014 8:42 AM

0 Kudos

Hello Saleh,

I rejected your post - and as Colleen stated - not because of the missing picture.
i provided also a comment, why I did reject your post.

Check the docu for the abap statement authority-check, then you know, how it works.

thread locked.

b.rgds, Bernhard