SAP Knowledge Base Article - Public

3356685 - S/4HANA Cloud : Restrictions on Company Code(M_RECH_BUK)

Symptom

When Restriction Type enabled for Company Code(Object M_RECH_BUK ).

Value help for following Fiori app will still display Company code value.

Supplier Invoices List (MM-FIO-IV)
Display Line Items in General Ledger (FI-FIO-GL-IS)
Manage Billing Documents (SD-FIO-BIL)
Manage Project Billing (PS-FIO) 

Cause

Each app has its own restriction type and authorization check. In general, currently, restriction on the value help for company codes is not offered. So, the value help will always offer all company codes, however the specific app will of course only show data for the restricted company code, if the app is offering a company code restriction.

For app "Supplier Invoices List", any restriction on "Invoices: Company Code (Authorization Object M_RECH_BUK)" does not apply for the value help. Company code can be seen always when using value help in Fiori App Supplier Invoices List. This is standard system design.

  • According to the security concept, the pure existence of a company code itself does not need to be protected within a group. So, it should not cause any harm if the company codes can be seen.
  • M_RECH_BUK really only holds for the invoice activity (post, park etc.) and is not intended to restrict the company code itself.
  • But when you enter and post a supplier invoice and you have already set the corresponding company code restriction in the business role. The company code restriction will work in app Supplier Invoices List.

For app "Manage Billing Documents" not following the expected company code restriction, unfortunately the restriction on Company Code is not supported in Manage Billing Documents app. Only restriction on Sales Org.  and Billing Type are supported.

For app "Display Line Items in General Ledger" here the restriction type that checks the company code it is basically "Company Code / Ledger / Record Type / Version" and "Company Code" and within finance analytics we are consistently using this restriction type.

Resolution

Since the value help is displaying the company codes including the ones that the user is not authorized, the suggestion would be to make code changes to display only those company codes that the user is authorized to see.

Keywords

KBA , MM-IV-LIV , Logistics Invoice Verification , XX-SER-MCC , Mission Control Center - Knowledge Management , How To

Product

SAP S/4HANA Cloud 2302