Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Company code problem in Controlling area Tcodes

Former Member
0 Kudos

Hi All,

We are following role based authorisation for creating roles for FI/CO module and we are seggregating roles as per the company codes.We are assigning Tcodes like KO01,KO02,KO03(Internal order) and KS01,KS02,KS03(cost center) which are connected with Controlling area in one role.We have 5 company codes and we are trying to create 5 roles with the above Tcodes for 5 different company codes.

The problem we encountered is when we entered the Tcodes in the role, and we get to the 'Change authrisation data' option in the 'Authorisation' tab in PFCG, the system is not prompting for the Company code organisational level. Hence in this case, a user will be able to access the above mentined Tcodes for all the company codes. But we need to create a role in such a way that a user who is assigned this role is only able to access Tcode like KO01,02,03 etc for his company code only and should not be authorized to access these Tcodes for remaining 4 company codes.

Can anybody please help me with a way to restrict these Tcodes to a particular company code in our scenario.

Thanks and Regards,

Abdul Khyoom A.

4 REPLIES 4

Former Member
0 Kudos

hi,

here you can do one thing, check the authorization objects which is holding the company code (bukrs). Then directly you maintain the values there.

if you need more send me the authorization objects.

thanks

Ashok

0 Kudos

Hi Ashok,

Thanks for the response.

Here in my case, when I insert the Tcodes related to conrolling like(KO01,KO02,KO03 etc) in a role, then I dont find any authorization objects(bukrs) which is related to the company code in the authorization genaration area in PFCG. So there is no way I can maintain values in them.

Please suggest any alternate solution.

Thanks and Regards,

Abdul Khyoom A

0 Kudos

if you look in SU24 you will see that there is no object available with Field BUKRS in TRX KO01/02/03. (internal orders) , so it seems not be relevant.

Solution can be, find an object (with field BUKRS) that has relevance to the data end have an ABAPPER add this as a custom authorisation check to a userexit in the programm.

0 Kudos

Dear Abdul Khyoom,

Here is object K_VRGNG (Controlling Area) you can restrict user by assining perticular Contrilling area of company.

Hope this will help you creating roles,

Thanks

Kavita