Finance | Project Operations, Human Resources, ...

The user has more permission than the security role provides

(0) Share

Report

Posted on by Anna9956

I have a problem that the user has more rights than the security role provides.
I assigned him a child business unit and security role for him.
Everything worked fine. But suddenly I saw that the user sees all apps (for all business units, not just for his). 
I checked the access level for viewing applications - everything is right - for his role he need to see only 1 app.
But in reality it is not.
When i assigned him a child business unit and security role for him - he can see other applications and even customize 
the system!!!     
it's incredible, because his role does not give him such rights and there is only one role assigned to him.

I tried to assign a parent business unit to him and everything began to work as it should.

how can it be that a child unit gives more rights than a parent?

or the problem is something else?

All responses (2)

Answers (0)

Suggested answer

André Arnaud de Cal... 293,274 Super User 2025 Season 1 on at

Like (0)

Report

RE: The user has more permission than the security role provides

Hi Anna,

Can you tell what you mean with "all apps"? I do understand the term business unit. Is it the same?

Note that when you assign organizations on a security role, by default it will only restrict access based on legal entity information. So this is intended to limit access for a role in specific legal entities.

If you want to filter on records, like the business unit, you need to implement eXtensible Data Security (XDS). I made an example how to link the Organization assignment with XDS for record filtering: Extensible Data Security examples - Secure by retail channel (dynamicspedia.com)
OsmanIstanbul 2,814 on at

Like (0)

Report

RE: The user has more permission than the security role provides

Hi,

does the user has any delagation?