https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue-infi/m-p/5870228#M1323141 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Build two roles one for change access in limited company codes and and other for diplsay access for all company codes.</P><P></P><P>In the display access role for all activities provide 03 access . The object F_BKPF_BUK restricts the access on company codes.</P><P></P><P>the object F_BKPF_BES provides restrictions on authorization groups. To know more about this object visit</P><P></P><P><A href="http://help.sap.com/saphelp_40b/helpdata/en/50/1a39516e36d1118b3f0060b03ca329/content.htm" target="test_blank">http://help.sap.com/saphelp_40b/helpdata/en/50/1a39516e36d1118b3f0060b03ca329/content.htm</A></P><P></P><P>And for Z transactions, developers need to have incude authorization checks for programs they develop along with assignments in SU24. Parameter transactions derives the authorization checks from parents.</P><P></P><P>Regards,</P><P>Gowrinadh Challagundla</P></BODY></HTML> Wed, 22 Jul 2009 06:03:57 GMT Former Member 2009-07-22T06:03:57Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue-infi/m-p/5870227#M1323140 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>We are having a requirement to provide a set of users with posting authorisation in some company code but at the same time we also need to give them view only access for all co codes.</P><P> </P><P>By posting authorisation ,I mean -FB50,FB60,FB70 .F-48 ,F-53 ,F-58 ,F-02 type authorisation.</P><P> </P><P>By view only authorisation , I mean FBL1N,FBL3N,FBL5N, i.e report access.</P><P> </P><P>Basically I want to restrict the organisational assignment at each t code level. I also want to have the same authorisation control such as auth group, co code assignement etc at z reports . </P><P> </P><P>Pls share with us the process through which it can be done.</P><P></P><P></P><P>Regards,</P><P>Eswar</P></BODY></HTML> Wed, 22 Jul 2009 05:41:37 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue-infi/m-p/5870227#M1323140 Former Member 2009-07-22T05:41:37Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue-infi/m-p/5870228#M1323141 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Build two roles one for change access in limited company codes and and other for diplsay access for all company codes.</P><P></P><P>In the display access role for all activities provide 03 access . The object F_BKPF_BUK restricts the access on company codes.</P><P></P><P>the object F_BKPF_BES provides restrictions on authorization groups. To know more about this object visit</P><P></P><P><A href="http://help.sap.com/saphelp_40b/helpdata/en/50/1a39516e36d1118b3f0060b03ca329/content.htm" target="test_blank">http://help.sap.com/saphelp_40b/helpdata/en/50/1a39516e36d1118b3f0060b03ca329/content.htm</A></P><P></P><P>And for Z transactions, developers need to have incude authorization checks for programs they develop along with assignments in SU24. Parameter transactions derives the authorization checks from parents.</P><P></P><P>Regards,</P><P>Gowrinadh Challagundla</P></BODY></HTML> Wed, 22 Jul 2009 06:03:57 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue-infi/m-p/5870228#M1323141 Former Member 2009-07-22T06:03:57Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue-infi/m-p/5870229#M1323142 <HTML><HEAD></HEAD><BODY><P>Hi Kumar,</P><P></P><P>1) You can Derive role from parent role for all company codes and provide view </P><P>access for all company code activity 03 </P><P></P><P>2) For posting authorization Please Goto : <A href="http://help.sap.com/saphelp_trbk30/helpdata/en/5b/47fa3a8c46120fe10000000a114084/content.htm" target="test_blank">http://help.sap.com/saphelp_trbk30/helpdata/en/5b/47fa3a8c46120fe10000000a114084/content.htm</A> </P><P></P><P></P><P>Regards</P><P>Vikas rana</P></BODY></HTML> Wed, 22 Jul 2009 09:20:56 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue-infi/m-p/5870229#M1323142 Former Member 2009-07-22T09:20:56Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue-infi/m-p/5870230#M1323143 <HTML><HEAD></HEAD><BODY><P>Hi Gowrinadh,</P><P></P><P>Thanks for prompt reply.</P><P></P><P>I have craeted two roles and assigned both roles in to one user but problem still remaining.my question is </P><P>we have to provide with posting authorisation in some company code but at the same time we also need to give them view only access for all company codes.</P><P> my concen is here only if user will work on both these activity due to authorization available in both roles then he can able to posting as well.</P><P></P><P></P><P></P><P>thanks in advance.</P><P></P><P>Regards,</P><P>Eswar</P></BODY></HTML> Wed, 22 Jul 2009 11:00:22 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue-infi/m-p/5870230#M1323143 Former Member 2009-07-22T11:00:22Z