Limit revocation of all roles
The setting in the AMSConfig.xml file can be modified to prevent revocation of all roles assigned to users or positions in a selected SAP connection through requests.
By default, you can revoke all roles assignments. This means there can be users or positions without any role assignments in a SAP connection.
This configuration setting applies to these SAP requests:
- Role Assignment request to revoke roles assigned to a user in the selected connection.
- User Re-Provisioning request to revoke roles assigned to a user in the selected connection.
- Roles to Position request to revoke roles assigned to a position in the selected SAP connection.
This default setting can be modified to ensure that all roles assigned to a user or a position are not revoked and that they must have at least one role assignment in the selected connection.
To configure the xml setting:
| XML file name and path | [InstallPath]\BizRightsPresentation\xml\AMSConfig.xml |
| Node |
enablezeroassignment>true</enablezeroassignment>
|
| Configuration settings | Change the default value to fals’ to ensure that all role assignments are not revoked through requests,. |
| Default | True. All roles assigned to a user or a position in SAP can be revoked. |