Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Authorization object conflicts in a user profile

We have a requirement where we need  to maintain  different values of the same authorization object in two different roles for the same user.

The requirement is for a user to have  ability to display  all views but to be able to change only type (V).


For example we have roles as below.

Role 1 : Z:_MM02

Auth Object : M_MATE_STA

ACTVT  02

STATM  V

Role 2 : Z:_MM_DISPLAY

Auth Object : M_MATE_STA

ACTVT  03

STATM  *

So when we are assigning Role 1 and Role 2 to user A the restriction on first role is getting bypassed, means the user

is able to go to MM02 to change any views. How to handle situations like this ? Any thoughts or inputs would be appreciated.

Former Member
replied

Hi, are you sure that the user isn't getting this from somewhere else?

Role 1 + Role 2 will (in your example) give display/03 all and change/02 only V, the authorisations will not combine to give change/02 for *.  That is not how the authorisation concept (in ECC) works. 

1 View this answer in context
Not what you were looking for? View more on this topic or Ask a question