Question:
I need to restrict authorisations to purchase orders (MM) by cost center. Can anyone help?
Answer:
As delivered by SAP you cannot. The base question is WHY? and how much does it cost to do it?
Security is not a substitute for training, data correction tool, nor is it to allow abdication of resposibility.
It is the Cost Center steward's responsibility to monitor their costs and have changes made as needed. it is the responsibility of the PO requester to provide the proper info.
That said, if you have deep pockets you will have to look for a user exit to add code to check on cost center.
Answer:
As delivered by SAP you cannot. The base question is WHY? and how much does it cost to do it?
Security is not a substitute for training, data correction tool, nor is it to allow abdication of resposibility.
It is the Cost Center steward's responsibility to monitor their costs and have changes made as needed. it is the responsibility of the PO requester to provide the proper info.
That said, if you have deep pockets you will have to look for a user exit to add code to check on cost center.
The whole issue is risk. What risk are you protecting against?
Having said that, if there is a legitimate risk and you are willing to spend some money to do this you need to do several things.
1. You need to get expert advice beyond the security function. Very few security people know the configuration options of the modules in any great depth.
2. You need to check the account assignment options by PO. Account assignment happens at the line item level. Is it possible to create a PO document type that only allows account assignment at the cost center level?
3. If memory serves, there is a user exit that could be used to control this.
4. You needd to consider the leakage options as well. Are reservation account assignments controlled? Can anyone change an account during receipt? During invoice entry? How will this all be controlled?
5. How will you manage the individual authorizations? If you have a lot of managers and cost centers do you plan on having a lot of roles? Perhaps this should be handled by tables that are maintained outsiode the authorization concept.
6. etc. etc.
Don't be buffaloed by parocial requirements from a few managers that think you can lock every door that leads to error, omission or other problems. This kind of security is very expensive and generally worthless.
_________________
bwSecurity
Answer:
Thanks for the replies. I received additional advice to create the object to be used in the org levels. From what you have said this will not be a good thing to do.