
Is having SAP CO roles with no restriction on any Authorization fields except Organization Values a good Security design or not?


My customer is asking me to put restrictions on the basis of organization values only for all SAP CO roles. No restriction on any field values, e.g. Cost Center/Cost Element/Profit Center/Order Type etc.

Is it a good Security design for CO roles?

Please suggest.

Regards

Shradha

1 REPLY 1

Former Member

If the customer is organizationally set up in such a way that controlling is operated centrally and for reporting there is an open book policy, then you will be opening a can of worms if you want to change that. Rather avoid it.

If you must (e.g. they have valid requirements to split it which are not based on cost center egoism...) then it is best to split the 4 objects which have RESPAREA as a field out of the rest of your roles and try to keep them as simple as possible in a series of roles which contain only these objects -> e.g. base them on hierarchy nodes and, if you must, then also on type fields. Also note that type fields become obsolete later with S/4HANA, and if they have set them up with an organizational flavor to the types then it will hurt a lot in the authorizations -> no way to promote it to an org.level without shooting yourself in the foot.

In summary: avoid it if you can. Don't go looking for trouble...  🙂

Cheers,

Julius