
Security Authorization Restrictions in SAP

Former Member
0 Kudos

Hi,

We are implementing SAP ECC6.0 with Enhancement Package 4 at our client.

The scenario is that we have implemented 2 company codes created in a shared SAP ECC 6.0 environment.

We will have separate SAP users in each of these company codes and no common users.

We have a requirement from the client to completely restrict the company code data from each other.

The level of restriction expected is every user in a company code should be able to even see the F4 help values of the other company code data. For example, User in Company Code 1 should not be able to view any data from company code 2 and vice versa.

Please suggest a suitable solution to completely mask data from each other in SAP.

Thanks


arpan_paik
Active Contributor
0 Kudos

Hi Sateesh,

Have you considered that each transaction in SAP does not have a mandatory check for company code? This means every business data in SAP is not protected by company code.

For data having protection with company code, you definitely can restrict by providing the required company code in the role.

However, for F4 help, does that have a restriction? I am sure you can try a trace in that matter whether authorization has been included in the same.

Arpan

Bernhard_SAP
Employee
0 Kudos

Hi,

How about using 2 different clients as you strictly separate the company codes?

b.rgds,

Bernhard

Former Member
0 Kudos

Sateesh,

I agree with both statements below. Not all transactions and/or data is aligned to the Company Code and coded into authorization checks. Additionally, building out 2 separate clients will keep it segregated and transactional (client-dependent) data within its own client/company code.

Thanks,

Matt

Former Member
0 Kudos

Hi Sateesh

Access can be restricted for separate company codes by creating separate derived roles for each company code. However, as already posted by others, not all transactions have a check on company codes. You would probably need to run a trace to check if viewing F4 values of company codes can be restricted or not. However, I don't think that we can restrict it.

Thanks.

Anjan

Former Member
0 Kudos

Check the forum for other posts on search help exit to restrict F4 values. There are some helpful comments by Alex & Martin.