Is there a main switch in Organisational levels?

Question: A quick question:

If in a role it is configured as:

company code: company01
Activity: *
purchasing group: *
sales groups: *

Does this authorisation allow users to view data in sales groups in company02? In other words, is there a controlling relationship in organisational levels, such as operating concern controls --> company codes --> sales groups? If we want users to only play in company01, would the only org level to be specified be company code?

Thanks in advance.

Answer:
company code: company01
Activity: *
purchasing group: *
sales groups: *
Depends. Is the above ONE authorization in a role where the authorization object contains all the fields, or is this two or more authorizations where the fields are in different authorization objects?

I believe the latter is true, so therefore the answer is they can use only Company code "company01" but any purchasing group and/or sales group in ANY company.

Answer:
[quote="John A. Jarboe"]company code: company01
Activity: *
purchasing group: *
I believe the latter is true, so therefore the answer is they can use only Company code "company01" but any purchasing group and/or sales group in ANY company.[/quote]

Hi John,

Thanks for the reply.

So I guess there is no main switch, i.e. there is no controlling relationship between company code and sales/purchasing group.

Basically we have multiple companies in different countries, but some of the companies' roles were designed as in the example I showed above in the organisational levels in PFCG. The belief is that the users in those countries won't be able to access other countries' data, as they believe company code is their company, which controls all the levels below the company code, in this case, sales/purchasing groups.

Can I confirm with you that the users in company01 will still be able to see data in a sales group in another country? If yes then we got a lot to do to change all the * in org levels.

Thanks again.

Answer:
There is a relationship as you stated, it is just that SAP security could care less. Access is controlled by authorization objects and the combination of fields that define the object.

People in 'company01' can see other sales orgs/purchasing groups, etc., provided the authorization object defining the control does not have the fields tied together in the same object.
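The behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of per-object authorization checks, using the org-level values from the question. The object names (`Z_COMPANY`, `Z_SALES_GRP`, `Z_PURCH_GRP`, `Z_SALES_DOC`), the field names and the sales groups `SG01`/`SG02` are hypothetical, and the last case models replacing the `*` in the sales group org level with an explicit value.

```python
# Simplified model (added example): one check = one authorization object.
# Object and field names below are hypothetical, not real SAP objects.

def build_role(object_defs, org_levels):
    """Copy the role's org-level values into every object that has that field.
    Fields that are not org levels here (activity) get '*', as in the question."""
    return [(obj, {f: org_levels.get(f, ["*"]) for f in fields})
            for obj, fields in object_defs.items()]

def authority_check(role, obj, **requested):
    """Pass if a single authorization of `obj` covers every requested field."""
    for auth_obj, fields in role:
        if auth_obj == obj and all(
            "*" in fields.get(name, []) or value in fields.get(name, [])
            for name, value in requested.items()
        ):
            return True
    return False

# Org levels from the question.
ORG_LEVELS = {"company_code": ["company01"],
              "purchasing_group": ["*"], "sales_group": ["*"]}

# Case 1: the fields live in different authorization objects.
SEPARATE = {"Z_COMPANY": ["company_code", "activity"],
            "Z_SALES_GRP": ["sales_group", "activity"],
            "Z_PURCH_GRP": ["purchasing_group", "activity"]}
# Case 2: one object ties company code and sales group together.
COMBINED = {"Z_SALES_DOC": ["company_code", "sales_group", "activity"]}

def demo():
    separate = build_role(SEPARATE, ORG_LEVELS)
    combined = build_role(COMBINED, ORG_LEVELS)
    tightened = build_role(SEPARATE, {**ORG_LEVELS, "sales_group": ["SG01"]})
    co2 = {"sales_group": "SG02", "activity": "03"}  # SG02: constructed, in company02
    return {
        "separate_sales_group_of_company02":
            authority_check(separate, "Z_SALES_GRP", **co2),
        "separate_company02":
            authority_check(separate, "Z_COMPANY", company_code="company02", activity="03"),
        "combined_company02":
            authority_check(combined, "Z_SALES_DOC", company_code="company02", **co2),
        "combined_company01":
            authority_check(combined, "Z_SALES_DOC", company_code="company01",
                            sales_group="SG01", activity="03"),
        "tightened_sales_group_of_company02":
            authority_check(tightened, "Z_SALES_GRP", **co2),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```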

Answer:
Thanks John for your sooo quick reply.

This gives me the confidence.
Copyright © 2007 - 2008 www.jt77.com