Sankar,
I completely agree with Steve's recommendation, and to add on to that, going forward I strongly suggest security code reviews, or at a minimum, getting input from someone in the organization who has a solid grasp of the authorization concept and controls in SAP, before the security model and controls environment is compromised by developers who understand neither. If there is no such person on the project/ on staff, training and/or hiring is in order.
Gretchen