SAP Knowledge Base Article - Public

3456106 - Limit exceeded error shows and Scoped Role which has more than 100 spaces are missing when updating user's Role setting in Datasphere

Symptom

  •  "The following users have exceeded the limit of 100 scoped roles" error shows when updating the user's role setting in Security > User page 
  • The scoped role which has more than 100 spaces also gets removed from the user which worked before updating the user's role setting

Environment

SAP Datasphere

Reproducing the Issue

  1. Logon to Datasphere
  2. Go to Security > Users page
  3. Assign a new Role to the user, or remove some Role.  Note that the user has some Scope Role assigned already, and the Scope Role has more than 100 spaces assigned
  4. Save the changes
    => "The following users have exceeded the limit of 100 scoped roles" shows. In addition, the Scoped Role are missing which worked before updating the user role setting

Cause

  • For "The following users have exceeded the limit of 100 scoped roles" error, refer to the below KBA.
    3456079 - "The following users have exceeded the limit of 100 scoped roles" error shows when assigning a Scoped role with more than 100 spaces assigned to a user in Datasphere
  • For the reason why scoped role get missing, is caused by another limitation on the Security > Users page saving logic.
  • When saving a user in the Security > Users page, the current logic will first remove all role assignments from that user and then assign all roles to the user based on what was in the request body. We do this because we save the user definition when users are updated. So if the Scope Role has more than 100 spaces assigned, the error shows and that Scope Role fails to be assigned back to the user,

Resolution

  • With the new upcoming UI improvement to User Management page developer plans to figure out a better solution for this issue and fix it. But at the moment changing the logic would be too risky and time-consuming, hence there is no timeline when the feature could be implemented.
  • We suggest users do all assignments through the roles page for now to avoid this issue.

Keywords

restriction, dwc, unexpected, privilege , KBA , DS-SEC , Security (Users, Roles) , Problem

Product

SAP Datasphere all versions