Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authorization Issue inFI

Former Member

‎2009 Jul 22 6:41 AM

0 Likes
580

Hi All,

We are having a requirement to provide a set of users with posting authorisation in some company code but at the same time we also need to give them view only access for all co codes.

By posting authorisation ,I mean -FB50,FB60,FB70 .F-48 ,F-53 ,F-58 ,F-02 type authorisation.

By view only authorisation , I mean FBL1N,FBL3N,FBL5N, i.e report access.

Basically I want to restrict the organisational assignment at each t code level. I also want to have the same authorisation control such as auth group, co code assignement etc at z reports .

Pls share with us the process through which it can be done.

Regards,

Eswar

3 REPLIES 3
Read only

Former Member

‎2009 Jul 22 7:03 AM

0 Likes
529

Hi,

Build two roles one for change access in limited company codes and and other for diplsay access for all company codes.

In the display access role for all activities provide 03 access . The object F_BKPF_BUK restricts the access on company codes.

the object F_BKPF_BES provides restrictions on authorization groups. To know more about this object visit

http://help.sap.com/saphelp_40b/helpdata/en/50/1a39516e36d1118b3f0060b03ca329/content.htm

And for Z transactions, developers need to have incude authorization checks for programs they develop along with assignments in SU24. Parameter transactions derives the authorization checks from parents.

Regards,

Gowrinadh Challagundla

Read only

Former Member

‎2009 Jul 22 10:20 AM

0 Likes
529

Hi Kumar,

1) You can Derive role from parent role for all company codes and provide view

access for all company code activity 03

2) For posting authorization Please Goto : http://help.sap.com/saphelp_trbk30/helpdata/en/5b/47fa3a8c46120fe10000000a114084/content.htm

Regards

Vikas rana

Read only

Former Member

‎2009 Jul 22 12:00 PM

0 Likes
529

Hi Gowrinadh,

Thanks for prompt reply.

I have craeted two roles and assigned both roles in to one user but problem still remaining.my question is

we have to provide with posting authorisation in some company code but at the same time we also need to give them view only access for all company codes.

my concen is here only if user will work on both these activity due to authorization available in both roles then he can able to posting as well.

thanks in advance.

Regards,

Eswar