Overlapping Access Definitions

When the access rights of user and group definitions overlap, the following rules, listed in order of precedence, apply:

  1. An access level that defines a more detailed dimension combination list takes precedence over a level with less detail.

  2. If the preceding rule does not resolve the overlap conflict, the highest access level is applied.

Example 1:

User Fred is defined with the following database access:

FINPLAN     R
CAPPLAN     W
PRODPLAN    N

He is assigned to Group Marketing, which has the following database access:

FINPLAN     N
CAPPLAN     N
PRODPLAN    W

His effective rights are set as:

FINPLAN     R
CAPPLAN     W
PRODPLAN    W

Example 2:

User Mary is defined with the following database access:

FINPLAN     R
PRODPLAN    N

She is assigned to Group Marketing, which has the following database access:

FINPLAN     N
PRODPLAN    W

Her effective rights are set as:

FINPLAN     R
PRODPLAN    W

In addition, Mary uses the filter artifact RED (for the database FINPLAN). The filter has two filter rows:

The Group Marketing also uses a filter artifact BLUE (for the database FINPLAN). The filter has two filter rows:

Mary’s effective rights from the overlapping filters, and the permissions assigned to her and her group: