cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to keep Sales people within the same division from viewing pricing info of each other

Former Member

on ‎02-02-2016 7:40 PM

0 Kudos

Dear Experts,

I would like to know if any of you will be able to help me, I am trying to see, via SAP Security  what is a way we restrict our sales people who belong to same division , not to be able to see the pricing information to customer from another sales person.

Any help would be greatly appreciated

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎02-02-2016 11:28 PM
0 Kudos

To "ground zero" this again... are you referring only to transfer pricing?

Perhaps you can also describe in your question how the pricing related customizing is set up.?

-> a well informed question gets a well informed answer.

Cheers,

Julius

Show replies
Show replies
Former Member
‎02-02-2016 10:28 PM
0 Kudos

Thomas,

If you want advice from SAP Security experts, the Security space is a more fruitful place for posting such questions, but perhaps some of the leaders there will chime in.

I am with Veselina in that I don't see the business value in going to such lengths. The short answer is, yes, certainly, with enough time and money anything can be done, but is it a smart use of the organization's resources?   In my 18+ years of SAP security experience, when people from the business asked for such granular security including custom code, custom authorization checks, and very granular role redesigns, I sat them down and calculated the costs of such level of customization including the ongoing maintenance of the code and the security, I would tell them to come back when they had the budget approval, and they were never heard from again.

Just because something can be done does not mean it is a good idea unless there is some regulatory or compliance requirement driving it..

Any thoughts?

Gretchen

Show replies
Show replies
Jelena
Active Contributor
‎02-02-2016 9:51 PM
0 Kudos

Maybe just don't give sales reps access to the condition records?

Also don't forget to take away their cell phones because goodness forbid they just call their colleagues and ask them. They could even pretend they are a customer asking for a quote (those sales reps can be very crafty!).

Show replies
Show replies
Former Member
‎02-02-2016 10:44 PM
0 Kudos

LOL

Actually you cannot successfully hide this. Even in the search help they will see the description, which if it does not tell you enough about the condition then it is badly described....

I suspect this is some mindless GRC compliance effort taken to the extremes because the customer managed to comply with everything else the GRC audits came up with...

Having said that... a more likely scenario is a multi-national with a post box in Lichtenstein? The local accountants and auditors can see work out how the pricing turn table works. They will most likely request SE16 access anyway as that is all they know.

This question certainly has a security "tag" to it but belongs in the application problem (try opening an OSS note about VA01 in BC-SEC...) so it should stay here in SD area because it also relates to credt control areas probably...

Cheers,

Julius

VeselinaPeykova
Active Contributor
‎02-02-2016 8:28 PM
0 Kudos

I do not fully understand the question and the business case.

Could you please elaborate on what kind of information you wish to restrict, preferably with examples of transactions, screenshots?

What are the risks, that your customer wishes to mitigate by preventing the business developers/order entry clerks within the same sales organization from displaying "the pricing information to customer" (whatever that is)?

In case you meant people in different sales organizations, then this is probably a very trivial case - just run SU24/SUIM for a very brief overview on what is available with standard tools.

If this is about some z-report, where you wish to implement additional authorization checks, you will need to discuss the best approach with the developer and with the security consultant.

Show replies
Show replies
Ask a Question