cancel
Showing results for 
Search instead for 
Did you mean: 

Difference between Permissions and Assigned Permissions

0 Kudos

Hello,

Even though the work area manager checkbox is unchecked under permissions, the User still seems to have ALL persmissions assigned for work area manager. Does this mean they have the permission to edit anything under work area? please see screenshot below.

moshenaveh
Community Manager
Community Manager
0 Kudos

Welcome to the SAP Community! Thank you for visiting us to get answers to your questions.

Since you're asking a question here for the first time, I'd like to offer some friendly advice on how to get the most out of your community membership and experience.

First, please see https://community.sap.com/resources/questions-and-answers, as this resource page provides tips for preparing questions that draw responses from our members. Secondly, feel free to take our Q&A tutorial at https://developers.sap.com/tutorials/community-qa.html as well, as that will help you when submitting questions to the community.

Finally, I recommend that you include a profile picture. By personalizing your profile, you encourage readers to respond: https://developers.sap.com/tutorials/community-profile.html.

I hope you find this advice useful, and we're happy to have you as part of SAP Community!

Accepted Solutions (0)

Answers (1)

Answers (1)

DirkManuel
Active Contributor

Permissions are permissions that are assigned DIRECTLY to the User (or whatever you select on the left). Assigned Permissions are all the permissions that the user has - including those assigned directly, and those they inherit via their Role(s) and Org Unit. Unfortunately there is no way to tell where they inherited them from.

Best practice (not just SAP Enable Now, but general Access Admin) is NEVER assign permissions directly to Users, but always assign them to Roles (and then assign Roles to Users) - or OUs if you have to.

So in your example, the User has the Workarea Manager permission (and Workarea: Delete! This is dangerous!) because they inherit it through Role assignment and/or OU membership - so check those.

If I had to guess, I'd say that Root has been assigned everything - I see this done a lot when SEN is set up and people don't know what they are doing and "just want to make it work". That is absolutely NOT the right thing to do.

Bottom line - you have some cleaning up to do.