Checking for ACLs
Use
The system carries out the check for ACLs as follows:
First, the system checks whether an ACL exists in the document.
If no ACL has been defined in the document, the system checks the superior folder.
If no ACL has been defined there, the system checks the folder above that folder.
The system continues checking until it finds an ACL.
If no ACL is found, the user does not have authorization.
The more comprehensive authorization for a single layer applies as follows:
user→user group→role→HR object
Authorizations assigned to a superior folder are inherited by all subfolders at all levels.
For more information, see Precedence .
Authorization-Check Traces
ACO_SUPER is assigned to the
user
The following authorization checks are performed while assigning ACLs to a
user
,
user
group
,
role
, or
HR
object
:
Firstly, a permission check for transactions, such as create and change
'C_DRAW_TCD', 'C_DRAW_STA', 'C_DRAW_TCS'
Secondly, a permission check for BOM update
‘C_STUE_BER’
Finally, 'ACO_SUPER'
An additional authorization check is carried out while assigning an ACL to an HR object
'PLOG'
ACO_SUPER is not assigned to the
user
The following authorization checks are performed while assigning ACLs to
user
,
user
group
,
role
, or
HR
object
:
Firstly, a permission check for transactions, such as create and change
'C_DRAW_TCD', 'C_DRAW_STA', 'C_DRAW_TCS'.
Secondly, a permission check for BOM update
‘C_STUE_BER’