Authorization check on Function module return values
I have a tricky situation. In our BW implementation, many of the FI infoobjects are authorization relevent. One of the objects is 0COSTCENTER. A user has been assigned with authorization profile, in which the user is authorised for COST CENTER = A* and #. All planning templates were working nice.
We were on SP 12 earlier, now we upgraded to SP 20. Now came a issue, the user gets error that user is not authroised for the data. After our analysis, we found nothing wrong as such, so contacted SAP. They came back with a root cause
In my planning function, an ABAP function module is used. The function module returns a COSTCENTER value. This return value is then assigned to a variable, this variable is of type 0COSTCENTER.
SAP said there was a bug in their own design. The bug was, if the cost center value is directly used in planning function for other calculations, it will throw an authorization error. But, if the COST CENTEr value is given to a variable and that variable is used for other calculations, it works fine. Thats why it worked for us earlier.
Now, they have removed that bug, so variables are also checked against authorizations and they said we need to either change the code or give * for the COST CENTER authorization.
So we have a problem. It is not straight forward to give * for COSTCENTER in FI BW implementation. SAP theory is that they cannot say which value the functional module will return. So they will check against ALL the values for COSTCENTER but not the authorised values.
Has anyone seen this issue before? is it only specific to planning function or its just ABAP concept? Any suggesations to come out this problem?
The error is coming at the program compile level itself i.e. before executing the planning group itself. As per the F1 help on forumla editor and from their support, the system reads all the reference data, So when it sees the function module and its export parameter, it captures all the data for COST CENTER as reference data.
Thus even I am sure that the return value will be always authorized, the reference data is checked for the full authorization. Thus its failing