01-30-2009 2:39 PM
Hi Security experts,
As you know, BUKRS, WERKS, EKORG, VKORG etc are standard SAP organizational levels.
Although it might sound quite strange, have you ever add a custom organizational level to the SAP Security model?
Many thanks in advance. Best regards,
Imanol
01-30-2009 2:45 PM
01-30-2009 3:26 PM
Thanks for the quick response Jurjen.
Is there any risk (in terms of business consitency) by making a field becoming an org rule?
What is the details after creating a new org. level thtough such program?
Where could I find further doc for such program?
Thanks in advance. Best regards,
Imanol
01-30-2009 4:44 PM
Well, I suggest you do not only search the forum but SAP service marketplace as well. There is quite a bit of documentation on this program, and some useful notes.
01-30-2009 6:24 PM
Hi,
Just to add
Make sure you create new org fields or promote the auth fields to org fields when the system is installed freshely.
If the system is live and running and if you convert auth field to org field or create a new one then many SODs may come into picture and further company SOX may be voilated.(but expert analysis and design may avoid the problems)
I found the this link where you can begin your search [here|http://help.sap.com/saphelp_erp2005/helpdata/en/8e/47745453f84d20bd828e785a7d5eb6/frameset.htm]
Regards
Rakesh
01-30-2009 9:51 PM
Hi Rakesh,
I'm interested to hear of any SOD or SOX violations which would occur as a result of changing a field to an org level. After all, the content of the role will not necessarily change......
Cheers
Alex
02-05-2009 7:29 PM
Hi Alex,
I agree that if a authorization field is converted to organization field then the resulting role contents will be same.
Let us take an example of profit center authorization field which is distributed across the sytem in parent and derrived roles. If this field is promoted as an organization field then its no more maintained in the parent role and have to be maintained individually in derrived role. If the distribution is vast then few SODs may come into picture.
Let me know if I am missing something !
Rakesh
02-05-2009 9:44 PM
Hi Rakesh,
While that situation may lead to data issues, it's not going to lead to SOD's in the traditional sense. If you are working on data segregation then converting to an org level may help the effort from a design perspective rather than cause SOD's. There are drawbacks to creating org levels, just not convinced that increasing SOD's in one of them.
Cheers
Alex