It should be noted that although Activity Authorisations allow for a very granular way of restricting user access within ActiveControl, the complexity and overhead of the role and user maintenance should be taken into account during the initial design phase.
Although standard SAP allows a range of values to be entered into authorisation object fields, using the ‘From’ and ‘To’ options, this functionality should NOT be used within ANY ActiveControl authorisation object. Only single values or multiple values are allowed within ActiveControl authorisation objects. The usage of ranges may result in unintended results during Windows GUI authorisation checks.
Several of the authorisation objects contain fields which are reserved for future use. These fields should always have the value of ‘*’ to allow full access. Entering any other values in these fields may result in unintended results during authorisation checks.