Showing results for 
Search instead for 
Did you mean: 

Restrict Business Role assignment

0 Kudos

Hi All,

Is there any way to restrict the business roles a user can assign?

For e.g. a user can assign another user Business Role XYZ but cannot assign role ABC.

The catalog 'Identity and Access Management - Role Assignment' gives the user authorization to add/remove roles, but can we further restrict to be able to give authorization to role XYZ only and not ABC.


Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

Hi Sandeep,

By default, it is not possible to restrict on the basis of ABC or XYZ in a role (as for as I know), but through a workaround, it can be achieved.

The workaround is as follows:

1. Create a 2 new MDT, let's say ZABC and ZXYZ with attribute ABC and XYZ respectively (the attributes should be the same from product MDT). Maintain the MDT as values A, B and C in ZABC MDT and X, Y, Z in ZXYZ MDT.

2. Now go to the role (in Identity & Access mgmt.) --> Click on Edit --> Restriction --> in Write and read tab --> go to Master data --> Select your new MDT which was created in step 1 --> maintain the range. So the range should be A, B, C only for a specific role (for which only access of ABC needs to be given).

3. So the roles can be created on the basis of ABC or XYZ.

Note: The roles always work as a union. So if there is any other role which does not have restriction of ABC or XYZ then, the user will have access for both ABC and XYZ.

I hope it helps.



Answers (0)