09-22-2016 11:38 AM
My customer is asking me to put restriction on basis of organization values only for all SAP CO roles. No restriction on any field values Eg Cost Center/Cost Element/Profit Center/Order Type ect.
Is it a good Security design for CO roles?
Please suggest.
Regards
Shradha
09-23-2016 6:29 AM
If the customer is organizationally setup in such a was that controlling is operated centrally and for reporting there is an open book policy, then you will be opening a can of worms if you want to change that. Rather avoid it.
If you must (eg. they have valid requirements to split it which are not based on cost center egoism...) then it is best to split the 4 objects which have RESPAREA as field out of the rest of your roles and try to keep them as simple as possible in a series of roles which contain only these objects -> eg. base them on hierarchy nodes and if you must, then also on type fields. Also not that type fields become obsolete later with S/4HANA and if they have set them up with an organizational flavor to the types then it will hurt a lot in the authorizations -> no way to promote it to an org.level without shooting yourself in the foot.
In summary: avoid it if you can. Don't go looking for trouble... 🙂
Cheers,
Julius