It should be noted that although Activity Authorisations allow for a very granular way of restricting user access within Expresso, the complexity and overhead of the role and user maintenance should be taken into account during the initial design phase.

Although standard SAP allows a range of values to be entered into authorisation object fields, using the ‘From’ and ‘To’ options, this functionality should NOT be used within ANY TE authorisation object. Only single values or multiple values are allowed within TE authorisation objects. The usage of ranges may result in unintended results during Windows GUI authorisation checks.

Several of the authorisation objects contain fields which are reserved for future use. These fields should always have the value of ‘*’ to allow full access. Entering any other values in these fields may result in unintended results during authorisation checks.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment