Hi Experts,
In my company we have a financial role that has been created sometime ago and recently we notice that it allows user to input any Company Codes that is not in the Organizational Level of the role. For example, the role has transaction MCG3 and only CC 3360, 3370 and 7360. If user runs MCG3 with CC 3310 he/she can see the data from that 3310 Company code.
I run trace ST01 and MCG3 checks the following auth.: M_IS_VKORG, M_IS_VTWEG, M_IS_WERKS withou any error.
Any advise will be appreciated..
Thank You