Question:
We are implementing CO-PA and want to restrict users from running reports on other users' data - meaning they should only be able to run reports on their own sales items based on their Sales Employee number, which is equivalent to their HR Master Data Personnel Number.
For example, UserA can only run reports for UserA's sales items. UserA cannot access any information on UserB or UserC's activity.
Is there a way to add this authorization to ONE security role without having to create a separate security role for EACH personnel number?
Thanks!
Valerie
R/3 Enterprise
Answer:
You will first have to see if the specfic reports even contorl on HR data. An ST01 trace will tell you, but you have to have P_ORGIN turned on and no access to P_ABAP.
Chances are you cannot do what you want since CO/PA does not care about HR.
The next question is "What is the risk to the company (financial loss) and the potential for it to occur for the user to see someone elses data that you spent million on to purchace to get integrated real time data to turn into Informations?" Most likely answer. Not worth the effort.
Answer:
COPA is like BW. It allows you to create your own reporting objects. But for it to work meaningfully personnel number would have to be part of the "cube". This is not likely to be a good data modelling strategy.