on 03-10-2021 1:55 PM
Hi,
I have created a planning model in SAC in which department controllers can plan the cost of their personnel on a personal level, with very specific personnel cost data based on actual salary cost (originating from the payroll). Frequently, it happens that an employee works 50% for department A en 50% for department B. His/her "payroll cost center", the cost center on which his/her full salary is booked after the payroll run, is always a single department, e.g. department A. Then, a journal entry item is created to allocate 50% of his/her salary from department A to department B. The planning should be in line with the actual journal entries, so for the planning and budgeting part the financial controller of department A is responsible for correctly planning this employee (with 50% of the cost for department A and 50% department B) in accordance with the controller of department B.
We have created a Data Action that the financial controller of each department can use to plan all his/her existing employees, but also new employees (with employee ID = #) by filling in an amount. He/she is able to plan 50% of the salary cost to department A and 50% to department B. If the controller is authorised to read and write to department A only and not to department B, he/she can run the Data Action and plan the costs, but is unable to publish the data to department B, since he/she has no write access to it.
We want to limit the authorisation of data that is visible to each controller and authorise the financial controller of department A to be able to only read and write data to department A, but not automatically see all data of department B by default. If we enable write access to department B for this controller, he/she automatically can see all data of department B by default.
See an example below in which the user YWS220 had both read and write access to the first 6 profit centers, but only write access without read access to all other profit centers:
Implementing this results in all data of all profit centers being visible to YWS220 by default.
In this example I have limited the scope to two departments only, but in reality there are tens of departments and we do not want to authorise every controller of each individual department with read and write access to every other department.
I am looking for the possibility to give someone write access to another department without read access. Does anyone have an idea how to properly implement this or any other smart suggestions that I can look into?
Other possibilities I have looked into are so far are:
This does not solve our problem of write access without read access and we were unsuccesful yet in implementing this correctly with this approach.
Any help or suggestions are appreciated!
We are also struggling to find a real solution to this exact problem.
I suggest you to immediately vote here https://influence.sap.com/sap/ino/#/idea/247269
and address this to SAP representatives, like we have, but without success so far.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
80 | |
11 | |
10 | |
8 | |
8 | |
6 | |
6 | |
6 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.