cancel
Showing results for 
Search instead for 
Did you mean: 

Check Access Rights Consistency

former_member490855
Discoverer
0 Kudos

Check Access Rights Consistency functionality, what is the best and easiest way to interpret this information in order to eliminate these inconsistencies? It appears that these inconsistencies are a false positive, is that a correct assumption? Activity Id/Activity, where is this defined/controlled? Is this configurable?

For instance, have create a business role and assigned 2 work centers, create sales orders and create purchase orders. In total, have 26 inconsistencies? Can someone please suggest how I should resolve these inconsistencies. Screen shot listed below

Thanking you in advance.

Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

Hello Cathy

I checked the attached screenshot and based on the download it is really difficult to judge the impact of the inconsistencies. And if you really need to remove them.

First of all I would suggest to use the "group by: Activity", which is the default setting. Now you have to go over each group and judge, if it is an issue for you or not.

If we take the example from my screen, then you see that there are 3 entries for "Display Inbound Delivery". From the "Purchase Order" and "Purchase Request" you have the authorization to display Inbound Deliveries with restriction. From the "Returns" WCV you see Inbound Deliveries w/o an access context restriction. Authorizations sum up, so you have authorization for all Inbound Deliveries. In such scenario I see no problem as long as you navigate from hyperlinks. If you have reports, which display more inbound deliveries then you might get authorization issues.

If you now assign to the same user the authorization for Inbound Delivery OWL, the issue might become critical. (In my example I assign the WCV Inbound Delivery with Restricted Access). Here you would expect to see only the inbound deliveries for the restriction you assigned. But as authorizations sum up and you have the unrestricted authorization for inbound deliveries, you might get too many inbound deliveries in your list. So here you need to test.

There is no general guideline how to set up roles, besides: Check with your client if access restriction on org level is required. If so then carefully check for each action, if the user gets more authorizations then you expect. If so, try to avoid as many unrestricted authorizations as possible.

Best regards

Marlene

former_member490855
Discoverer
0 Kudos

Hi Marlene,

Thanks for your response. However would like to clarify the following-

- What is OWL?

- From the first screen shot provided, are you stating that a user will have the ability to process an inbound delivery via the work centers Returns, Purchase Orders and Purchase Requests even though the work center view  "Inbound Deliveries" is not allocated to the user?

- With  the second screen capture, you have allocated the work Center Inbound Deliveries with restrictions for this user. Are you stating that this should now prevent the user from processing inbound deliveries from the work center views Returns, Purchase Orders and Purchase Requests.  I note that Returns has unrestricted write.. Irrespective of the  allocation of  the Work Center view Inbound Deliveries with write restrictions does this mean that the user will still be able to process an inbound delivery?

My understanding is that authorisations roll up into one which means that the unrestricted access on Returns will still allow this user to process inbound deliveries, even though we have write access restricted on the work center views Purchase Orders, Purchase Requests and Inbound Deliveries? Just confused on this one!

These inconsistencies are quite confusing and difficult to follow.

Thanks again

0 Kudos

Hi Cathy,

- OWL = Object Work List

- Yes, you have a hyperlink and can open the linked instance of the inbound delivery from the Return WoC

- No, I wanted to mention, that you have a restriction maintained for inbound deliveries, but it gets overruled with the unrestricted authorization from the returns. So the user might see too many "Inbound Deliveries" in the OWL with the unrestricted access from the returns.

Best regards

Marlene

former_member490855
Discoverer
0 Kudos

Hi Marlene,

Thanks again for your response. Am still unsure what an Object Work List is? Where can I see this? Can you give me an example.

Thanks

0 Kudos

An Object Work List is the pattern name for a list displayed usually on the Workcenter View. Examples are, e.g. below you see the OWL for Business Users. The section below the table is called Preview pane.

An OWL is based on a query (an displays multiple instances), while an Factsheet, a QAF (= Quick Actity Floorplan) and OIF (= Object Instance Floorplane) are based on one instance.

Regards

Marlene

Answers (0)