Hi,
I have created a planning model in SAC in which department controllers can plan the cost of their personnel on a personal level, with very specific personnel cost data based on actual salary cost (originating from the payroll). Frequently, it happens that an employee works 50% for department A en 50% for department B. His/her "payroll cost center", the cost center on which his/her full salary is booked after the payroll run, is always a single department, e.g. department A. Then, a journal entry item is created to allocate 50% of his/her salary from department A to department B. The planning should be in line with the actual journal entries, so for the planning and budgeting part the financial controller of department A is responsible for correctly planning this employee (with 50% of the cost for department A and 50% department B) in accordance with the controller of department B.
We have created a Data Action that the financial controller of each department can use to plan all his/her existing employees, but also new employees (with employee ID = #) by filling in an amount. He/she is able to plan 50% of the salary cost to department A and 50% to department B. If the controller is authorised to read and write to department A only and not to department B, he/she can run the Data Action and plan the costs, but is unable to publish the data to department B, since he/she has no write access to it.
We want to limit the authorisation of data that is visible to each controller and authorise the financial controller of department A to be able to only read and write data to department A, but not automatically see all data of department B by default. If we enable write access to department B for this controller, he/she automatically can see all data of department B by default.
See an example below in which the user YWS220 had both read and write access to the first 6 profit centers, but only write access without read access to all other profit centers:
Implementing this results in all data of all profit centers being visible to YWS220 by default.
In this example I have limited the scope to two departments only, but in reality there are tens of departments and we do not want to authorise every controller of each individual department with read and write access to every other department.
I am looking for the possibility to give someone write access to another department without read access. Does anyone have an idea how to properly implement this or any other smart suggestions that I can look into?
Other possibilities I have looked into are so far are:
- Filtering the data that controller of department A can see by default in the planning story, so he/she is able to write to any other department but can only see the data of department A in the story. This requires a dynamic filtering of the data in the table based on the user viewing the data (which is not possible if I am not mistaking) and will lead to situations in which the controller planning someone for 50% to department B with a Data Action, but he or she is then unable to actually see the result of the Data Action in the story.
- Creating an additional dimension "autorisation key", which looks like DEPA_DEPB, DEPA_DEPC, DEPC_DEPA, ..) so if DEPA is in the key, he or she has read and write access to the profit center and to all other profit centers has write access only. See the screenshot below:
This does not solve our problem of write access without read access and we were unsuccesful yet in implementing this correctly with this approach.
Any help or suggestions are appreciated!
- SAP Managed Tags:
Accepted Solutions (0)
Answers (1)
| User | Count |
|---|---|
| 80 | |
| 11 | |
| 10 | |
| 8 | |
| 8 | |
| 6 | |
| 6 | |
| 6 | |
| 4 | |
| 4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.