Solved: Transaction MCG3 showing more than allowed Company...

former_member392334 · ‎06-22-2015

Hi Experts,

In my company we have a financial role that has been created sometime ago and recently we notice that it allows user to input any Company Codes that is not in the Organizational Level of the role. For example, the role has transaction MCG3 and only CC 3360, 3370 and 7360. If user runs MCG3 with CC 3310 he/she can see the data from that 3310 Company code.

I run trace ST01 and MCG3 checks the following auth.: M_IS_VKORG, M_IS_VTWEG, M_IS_WERKS withou any error.

Any advise will be appreciated..

Thank You

Bernhard_SAP · ‎06-24-2015

Dear Josimar,

unfortunately you did not mention, whether really 3310 was checked.

Furthermore you need to check, if the check was 'disabled' in SU24 (or generally). If your system/Kernel is actual, you would see that in the ST01-result also.

b.rgd,s Bernhard

View solution in original post

Bernhard_SAP · ‎06-24-2015

Dear Josimar,

unfortunately you did not mention, whether really 3310 was checked.

Furthermore you need to check, if the check was 'disabled' in SU24 (or generally). If your system/Kernel is actual, you would see that in the ST01-result also.

b.rgd,s Bernhard

former_member392334 · ‎07-09-2015

Than you Bernhard !

I looked into SU24 and wasn't mark as " check " for those authorization, but after I changed to " check", now I am having the following message even for the CC that was supposed to work:

" Authorization check: Scope of selection ' Sales Organization' was restricted."

Bernhard_SAP · ‎07-09-2015

moved to the application (Retail) - the application decides of how to react on authority-check results....

Transaction MCG3 showing more than allowed Company Codes