Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Limiting auth for FAGLL03 by Profit Center

Former Member

‎10-04-2013 11:57 AM

0 Kudos

Hi All

I'm looking for the way to limit the information that can be pulled from SAP when transaction code FAGLL03 is used.

I believe the information has to be limited by profit center when users use FAGLL03.

However, current situation is that all users can obtain all data by using FAGLL03.

I have tried adding profit center auth objects to the role, but users are still able to pull all data.

Do you have any other ideas to limit the right by profit center?

Regards

2 REPLIES 2

Former Member

‎10-04-2013 4:32 PM

0 Kudos

Finance (Company Code, Account Types, etc) are higher in the food chain of authorizations than what Controlling objects are.

At most you can control navigation into the Controlling reporting and vis-versa.

So this is not possible without a modification which will probably hurt a lot...

Better solution is to give this controller Profit Center reporting capability only for lists, and from there navigate into FB03 etc for that which was prior restricted, but they cannot start FB03 directly and then choose where to go to. Even companies with legal requirements for this manage that way, but you cannot give the restricted user much FI side list reporting as a downside.

Best practice (if possible) is to have an open book policy within the company code. If you can report on PC or CO at all, then you can see everything within the company code and corresponding company code node of the hierarchy.

Even better practice is to say "Pffff..." and the whole company can see where / when the CEO put petrol into his car or what the turnover is of a specific department. But that is not always possible to get approved, even although most modern companies are going that way.

Cheers,

Julius

Colleen
Advisor
Advisor
In response to Former Member

‎10-09-2013 8:13 AM

0 Kudos 

Even better practice is to say "Pffff..." and the whole company can see where / when the CEO put petrol into his car or what the turnover is of a specific department. But that is not always possible to get approved, even although most modern companies are going that way.

Most modern companies may be going that way but there are always the FI Mangers out there who don't want you to know what their is happening in their profit centres of cost centres. Cultural change is pretty much required or 1000s of derived roles and an army of security admin to maintain the roles.