3037920 - Company Code authorization does not behave as intended

A user that has company code authorization maintained can still access data from company codes outside of their authorization.

Note: This issue may also occur in viewing I_OperationalAcctgDocCube or a custom CDS view that uses I_OperationalAcctgDocCube

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP S/4HANA Cloud

1. Open the 'Maintain Business Roles' app.
2. Choose the role assigned to the user.
3. Choose 'Edit' followed by 'Maintain Restrictions'.
   
   
   
   
4. Maintain each instance of the 'Company Code' restriction as required.
   
   
5. Open the 'Manage Journal Entries' app, for example, and see restricted data from all company codes.
   
   
   

Note: The above example is based on a user with a single business role assigned.

• The cause of this issue may be due to maintaining the 'Company Code Hierarchy' restriction as 'Unrestricted'.
• In such cases, Unrestricted authorization is evaluated to TRUE irrespective of any instance of Company Code Hierarchy. As this affects the authorization of restriction type Company Code, access for Company Code is evaluated to TRUE.

Maintain the 'Company Code Hierarchies' restrictions, which can be found under 'Read, Value Help', as 'Not Maintained':

The following documentation describes the authorizations and relation of the different restriction types for Company Code in more detail -

https://help.sap.com/docs/SAP_S4HANA_CLOUD/6b39bd1d0e5e4099a5b65d835c29c696/76c59195039142338af63e8a1a7c016f.html?locale=en-US

company, code, restriction, authorization, not working, failing, user, restrictions, authorizations, I_OperationalAcctgDocCube, CDS view, custom , KBA , FI-GL-IS , Information System , FI-GL-IS-2CL , Information System (Public Cloud) , How To

SAP S/4HANA Cloud Public Edition all versions ; SAP S/4HANA Cloud all versions