Re: [sap-security] Issue while restricting VA02 authorization by division
Posted by
Admin at
|
Share this post:
|
|
Posted by henrikmadsen2(GRC Consultant )on 07/12/2009 07:06:00 PM
Sounds like a reasonable assumption! you need to check all roles for the
relevant authorisation values
2009/7/11 Rugs_119 via sap-security <sap-security@groups.ittoolbox.com>
>
>
> Hello,
> There is a requirement in my organization to restrict Change Sales Order
> (VA02) authorization by division. I removed VA02 from the existing roles
> and created new roles for VA02 for the different divisions we have in
> the organization, e.g division 10, 20, 30 etc.
> I then assigned the VA02_div20 role to a user. However, while testing I
> see that this user is able to access VA02 for all divisions.
> P.S: The older roles have VA01 and VA03 access for all divisions.
> Typically a user will be assigned all his original roles and VA02_divXX
> (based on the division he/she is working in).
> Please let me know why this would be happening? Is it because the older
> roles have access to all divisions?
> Thanks,
> RR __.____._
Toolbox.com
4343 N. Scottsdale Road
Suite 280
Scottsdale, AZ 85251
In the Spotlight
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
_.____.__ 
