Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization Issue with infotype

Former Member
0 Kudos
101

Dear Guru's,

There are a couple of Customer IT that have been created. For which I have also assigned the authorization. But for some of these Infotypes though the user has no authorization he is able to access it.

Can you guys give me a heads up on what might have gone wrong...

Regards

Vijaya Sankar

5 REPLIES 5

jurjen_heeck
Active Contributor
0 Kudos
76

Could there be some ranges in the infotype field(s) in the existing roles? Generally when something unexpected like this happened it shows the disadvantage of ranges.....

0 Kudos
76

It does have few ranges. But any idea how to tackle it???

Regrads,

Vijaya

0 Kudos
76

> It does have few ranges. But any idea how to tackle it???

I'd talk to the functional guys and investigate which infotypes they really use. If you define those one by one in your roles you'll never have the risk of new infotypes becoming visible or changeable by accident.

0 Kudos
76

Vijay,

You may have already tried this but the first thing that pops into my head is to use SUIM.

Roles -> Roles by authorization values -> plug in P_orgin or P_orgincon (Whichever object you use) -> then under infotype plug in the value of the infotype you DON'T want them to see. Hit execute. Then compare those roles to the access your users have.

Thanks,

0 Kudos
76

Walden is correct.

It's best to remove all ranges by utilizing SUIM and then define each infotype separately. You can always add more later individually if the users require further access. But it will keep you from hunting through ranges to restrict them from anything they may accidentally receive from the range.