Question:
Hello,
I have a problem with my Roles. I have created two simple roles, one of them has object I_AUART with just one Order Type (value =IN02), the other role is a Display Role for ALL Order types (value = *)
When I assign these roles to a user I hope this user could display any order type, and create and modify JUST order type IN02. Roles don't work as I hope, when I assign these roles to a user, it can create and modify any order type, but this is wrong. It seems that value = * for I_AUART is "killing" value IN02 for the role which create orders.
Is this behavior correct? What can I do if I want it to work as I explained?
This problem doesn't exists with notification types because object I_QMEL has Notification type and transaction code and it validates both of them, but object I_AUART doesn't have TCODE.
Thank you.
Claudia
Answer:
Working as designed... Access is additive and SAP does not care where the access comes from. if there is no VALUE SET to distinguish activity tied to Order type then you cannot make the difference.
Answer:
all CAPS LOCK topic title not allowed unlessthere all keywords.
topic locked.
Snowy
_________________
SapFans Moderator
NetWeaver ‘04–SAP Web AS for ORACLE certified
Search: /forums/search.php
SAP Notes: http://service.sap.com/notes
SAP Help: http://help.sap.com
Basic Rules: /forums/viewtopic.php?t=222759