cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Business user restriction

Go to solution
pilar_francs
Discoverer

on ‎10-03-2018 9:20 AM

0 Kudos

Hi,

We want to restrict a service organization so the user with the restriction can’t access to employees from other service organizations.

For that we have done the following restrictions:

If the user logs into the system and try to create a project it’s even able to create projects with another service organization.

When we create the roles to assign employees it is possible to create different delivery organizations that are not related with the service organization S006:

 

When we add resources for the different lines we can see all employees at the service organization that we have chosen.

So, We want to be able to create different lines with different service organization but we don’t want to see employees of another service organization but the one authorised. How can we do that using user authorizations?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

David_Byrne
Active Participant
‎03-09-2020 11:07 AM
0 Kudos

This depends on your role design including he number of roles assigned and if the services entry is maintained in other user roles assigned to the user.

In general SAP provides the roles as part of the best practice scope items as examples only and these need to be adapted to meet the customer requirements depending on the requirement.

If the user has other roles assigned where the service organisation is not maintained this give the user the access which you see in your current system as these work on an OR concept ( if user has read only access to an object in 1 role and write access in another role then write access is given in app roles). Please review your role design to see has the service organisation been restricted in all roles.

In general the recommendation is that you should design your roles to have 1 role assigned to a user with the related catalogues and restrictions based on the job assigned.

David

Show replies
Show replies

Answers (0)

Ask a Question