Hello,
I need your help to clarify an issue with member access profile.
Supposing the access is controlled for Organization and Entity dimensions, one user U1 is assigned to two member access profiles, both M.A.P. have access to different entities, however they have access to the same organization. Only in one case the access is read-only (R).
When trying to send data to a valid combination of Organization and Entity dimension members, the operation fails, stating that there is no write access to organization ZZZ. This organization is a descendant of Group_XYZ for which you can see that the access is specified. However while 'MemberAccess_Write' has write access to Group_XYZ and its children, 'MemberAccess_Read' only has read access.
Data input is possible immediately after removing the read-only access entry for Group_XYZ MemberAccess_Read.
Can anyone please explain this behavior? Does read access take precedence over write access?
We expected that the higher privillege wins, but here it seems that the least restrictive profile between the two is applied (i.e read access)
There is one key difference in how the profiles are assigned to the user, though:
'MemberAccess_Write' is assigned via team
'MemberAccess_Read' is assigned directly to the user
Many thanks in advance for your help