SAP Knowledge Base Article - Public

3037920 - Company Code Authorization Does Not Behave as Intended

Symptom

A user that has company code authorization maintained can still access data from company codes outside of their authorization.



Note: This issue may also occur in viewing I_OperationalAcctgDocCube or a custom CDS view that uses I_OperationalAcctgDocCube


Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

S/4HANA Cloud

Reproducing the Issue

  1. Open the 'Maintain Business Roles' app
  2. Choose the role assigned to the user 
  3. Choose 'Edit' followed by 'Maintain Restrictions'

    1.png

  4. Maintain each instance of the 'Company Code' field

    2.png

  5. Open the 'Manage Journal Entries' app, for example, and see restricted data from all company codes


Note: The above example is based on a user with a single business role assigned.

Cause

The cause of this issue may be due to maintaining the 'Company Code Hierarchy' restriction as 'Unrestricted'.

In such cases, Unrestricted authorization is evaluated to TRUE irrespective of any instance of Company Code Hierarchy. As this affects the authorization of Company Code, access for Company Code is evaluated to TRUE.

Resolution

Maintain the 'Company Code Hierarchies' restrictions, which can be found under 'Read, Value Help', as 'Not Maintained':

3.png

Keywords

company, code, restriction, authorization, not working, failing, user, restrictions, authorizations, I_OperationalAcctgDocCube, CDS view, custom , KBA , FI-GL-IS , Information System , How To

Product

SAP S/4HANA Cloud all versions