Currently, the access to manipulate Supplier Objects is based on membership to the Supplier Administrators group. This membership also allows a user to manipulate the AML table of the OEM part without having to checkout the OEM part. Often, the responsible business group for managing the supplier itself (e.g. Supply Base Manager), is not the same as the business group that is responsible for selecting available suppliers to fulfill a material (e.g. Supply Management/Procurement Manager) which equates to AML table manipulation activities. Also, it is not ideal to require that the AML table manipulators must checkout the OEM part (i.e. the design part) in order to manipulate the AML table. The design part should be controlled by engineering in most cases. Therefore, it is ideal that the AML table users should have Supplier Administrator membership in order to do their work in the AML table without having to checkout the OEM part.
The issue is that the AML table users should not also have the ability to create/edit/delete/set state on the Supplier object either. When setting Deny ACLs on the AML table users for these actions, only the create/edit/delete Deny is effective. These users are still able to perform set state on the Supplier because of their Supplier Administration membership.
Please create functionality that allows an administrator to specifically set up the ability to allow AML table edit permissions without checking out the OEM part that can be set apart from being a full Supplier Administrator. This would more accurately reflect real-life business scenarios where Engineering != Supply Base Management != Supply Management/Procurement, i.e. three distinct business functions that should have their own specific accesses/permissions/functionalities across OEM part, AML, Supplier.