KE30 restrict report on company code
I have an issue, I want to restrict access to reports by company code in KE30. It seems that KE30 doesn't use the normal authorisation objects, so I've never done this before. I have followed the steps below:
1. In KE37 created an authorisation object called ZBUKRS.
2. In SU24 for tcode KE30 made sure that object ZBUKRS is YES to be added into roles automatically.
3. In KE32 created a global variable for company code and added it into my report. Regenerated the report.
4. In PFCG added tcode KE30 to my role and populated object ZBUKRS with the company codes I want users to be able to access.
5. Assigned the role to a test user.
6. Logged on as test user and tried to access the report for a company code which I should not have access to. I could access all company codes, this is wrong.
7. Put an authorisation trace on the test user in ST01.
8. Logged on as test user again and run the report.
9. Trace shows that object ZBUKRS is not being checked.
Have I missed something? How do I make sure that my authorisation object is being checked when I run that report via KE30?
Any suggestions welcome.