Question:
Hi all,
I have a question regarding structural authorisation profiles.
Let's say I want to limit a Training administrator's access to a certain part of the org structure. That user should also have access to the entire training catalog.
For the org structure restriction I would set up a structural profile starting from a top org unit and using evaluation path o-o-s-p. No problem so far.
But when I assign this profile to my training admin, he will not have access to the training catalog (objects L-D-E) anymore, even though I did not put any restriction on those objects in my structural profile. In fact, the user only has access to objects O, S and P. All other objects he may need have become unavailable
Of course there is an easy solution (listing all necessary objects to the profiles without any restriction) but it's not very convenient. Especially when a new functionality is implemented using previously unused objects...
I was just wondering if this is normal system behaviour ? Or would there be a switch somewhere allowing us to have the system restrict only on object explicitly mentioned in the structural profile ?
Cheers,
K .
Answer:
Hi,
this system behaviour is normal - it is the same as in "normal" roles - you can define the granted objects only positive.
You really have to list all the objects in the structural profile. Better - you can have one profile for every user - with L,D,E... and an other one with the restricted org.structure.
Regards
Patla
Answer:
Thanks for you reply Patla, makes sense.
Br,
K .