Authorization group in Gl account

Similar Messages

• Authorization for G/L Accounts

  Dear Gurus,
  Can you please provide me some information for G/L Accounts authorization objects.
  I need to set authorization for one G/L Account for one user only. I know authorization object F_BKPF_BES, but it´s used for authorization group G/L Account and I would need only for one specific G/L Account.
  It´s possible?
  Best Regards
  Jakub Vaněk

  Do you want the authorizaion Check at the time of Posting or Display of GL Accounts?
  if you want authorization at the Posting level then you may try to use validation in SAP
  Please let me know if it help you.
  Regards,
  Vivek

• Authorization Group for G/L Account

  Hi,
  What?
  - I wish to restrict the 'posting' of a G/L account to be done by certain users only
  How?
  - What I have done was...
  a) From FS00, I have added a free-text (BANK) into the Authorization Group for a G/L account
  b) From PFCG, a new role was created to allow these 2 Authorization Objects, F_BKPF_BES and F_SKA1_BES
  c) 'BANK' was entered for the Authorization Group for both these 2 Authorization Objects
  d) From there, I have assigned this new role to the user that I wish to allow Posting of the G/L account
  Problem?
  - Other users still can do Posting for this G/L account
  - Any steps which I have missed out here or done wrongly?
  Thanks,
  Brandon

  Hi,
  Some other roles of the users may override and cause the users to post against this GL account.
  Check all the roles relevant for the restricted users. 
  Use SUIM t-code to find if the auth object mentioned above is included in any other role.
  If it be, restrict that again.
  Generally if one role as no restriction against this auth and not all, this issue tends to happen.
  Regards,
  Sridevi

• How to create authorization groups for G/L Accounting

  Hi:
  I have a problem with authorizations groups in FI, I hope you could help me.
  We want to control access to accounting in FI by authorization group so user only can work with some G/L accounts.
  I have seen in transaction FS00, in control data tab, a field called Auth. Group, but I really donu2019t know if this is the right field.
  Do you know how I can control access to G/L Accounts by Authorization Groups? Perhaps must I to create a new Authorization Group by roles? We have 4.6c.
  Please, any help is welcome.
  Thanks in advance.

  Hi
  Update the authorization group field in the GL master with any user defined value and then include the same in the respective user roles against the authorization object - F_BKPF_BES-BRGRU in PFCG
  Ensure you have updated 'Authorization group' for the GL accounts in your chart of accounts
  Thank You,

• Authorization group in GL A/C

  Hi,
      I have a role that has the authorization group in the authorization objects  F_BKPF_BES , F_SKA1_BES  updated only with 'AUTH' but the same role is also able to access GL accounts with authorization group 'REST'.
     I want to restrict the role to access GL Accounts only with authorization group 'AUTH'.
  How to do it.Kindly advise.
  Thanks.

  GL account Authorization
  Re: How to create authorization groups for G/L Accounting
  Thanks
  Javed

• Use of Authorization Group in OB52

  Dear Experts,
  I have updated Authorization Group as "OB52" in the last column of OB52 T-Code against each posting period variant with account type + , A,D,K,S,M etc with normal period 1 to 12 and special period 13 to 16.
  The same Authorization Group "OB52" is updated in one of FI users say Mr X Role profile under authorization object F_BKPF_BUP.
  Now as per the SAP standard practice the special period 13-16 should open for the user Mr X and block for all other users. But system is allowing to do transaction with special period 13-16 for other users also.
  Please advise where I am wrong.
  Regards,
  Alok

  Dear,
  I will explain you the step involved for auth Mr.X to post for the particular period.
  Let take an example  that Mr.X has to be allowed to post between the period 1 to 11 and other user only for the period 11(Apr - March as fiscal year).
  Now,for valuation variant with account  ' +'  for the first period, you enter from period as '1' and to period as '10' and in second period, you enter from period '11' and to period '11', provide the auth group (eg KU - key user)  in the last column.
  For other accounts (A,D,M,K,S) change the first period from '1' to '12' and dont assign any auth group.
  Now you goto se16n and check in TBRG table whether your auth group KU is available for the object F_BKPF_BUP,if not maintain it.
  The last step is to assign "KU" to Mr.X profile or role against the object F_BKPF_BUP.
  Once you made the change"generate" and save it.
  Now the system will permit Mr.X to post for the periods between 1 to 11 and other user only for 11 period.
  Hope that i am ab;le to clear your boubt.
  Do revert for any further assistance.
  Take care
  God Bless
  Regards

• Authorization Group & TBRG

  Hello. I wonder what case should I create records into TBRG for.
  Generally, authorization group works when I set it to master record (e.g.vendor, customer,account code) and role (from PFCG).
  But, in some case, It is required to insert authorization group and its text to TBRG.
  Please tell me weather TBRG setting is essencial or not .
  Edited by: Julius Bussche on Dec 28, 2009 6:13 PM
  Table name corrected.

  Hi Yugo,
  Table TBRG - Contains all authorization groups and gives information about relation between authorization object and authorization group. Hence its very much necessary you maintain the authgroups in this table.
  Also if you want it to appear as a pick list when you click F4 in the DICBERCLES field in object S_TABU_DIS then you should have those valuse maintained in table:TBRG.
  There are several threads based on your query which are already answered. just search by "TBRG Auth Groups" in the same forum.
  Hope it helps.Let us know if you  need any more information from our side.

• Authorization group restriction

  Hi ,
  I would like to know how to restrict authorization group FCAR and FCAP.We could see it is related to F_BKPF_BES object .It seems the same authorization object should be given the following access
  --display access for documents asigned to authorization group FCAP
  --should not allow display for documents assigned to authorization group FCAR
  If we restrict using FCAP (displays access)the second condition works fine but the first one it displays line items only for G/L accounts.Vendor line items does not get displayed.
  Please let me know your thoughts on this.

  Hi Mekha,
  You can add another object F_BKPF_BES manually and in the first one give
  display access for documents asigned to authorization group FCAP  and in another no display for documents assigned to Auth group FCAR
  **Reward points accordingly
  Junaid

• Regarding ABAP Query authorization group

  Hi Team,
  This is regarding ABAP Query!
  I have created one authorization group, for testing i have assigned my id in authorization group.
  After creation of ABAP query,standard program got generated. Now i have created one transaction code at the last for the ABAP Query.
  Now the isse is even though i have deleted my id from the authorization group. I am able to execute the query from SQ01 and with the Transaction code .
  It should not happen...i want who soever id is mapped to the transaction code ...that member should only be able to run that query, otherwise there is no use of authorization group.
  Please help me out in this case.
  Thanks & Regards,
  Anil Kumar Sahni

  Are you sure that you don't have access to that authorisation group? Execute report RSUSR002. In the 'Authorization Object 1' block inform  S_TABU_DIS in 'Auth.Object' and accept. Then inform Activity=03 and Auth.Gruop= your group.
  You will get a list of all the users which, theoretically, will be able to execute the query. If you press 'Roles' or 'Profiles' in the toolbar of the listing you will get to know why you have authorisation. May be you have the SAP_ALL profile.
  Also, one more thing to take into account: how have you created your transaction? Is it referring directly to the generated report? Then it is an error, you should execute program SAP_QUERY_CALL. Read this post: [Relate transaction to query;

• Authorization group in Marekting planner

  Hi
  There ia a field 'Authorization group' in the basic tab while creating a marketing plan. Now, this authorization group decides which all users can perform particular actions on this marketing plan like change, display etc. So this authorization group must have some users attached to it. Moreover these users must be having their own authorization objects under role maintenance. So how can a particular user have limited access just on the basis of this group. Is this group having some atauthorization objects under it, if yes then where? My question is where do we assign the users to this group. Any pointers will be helpful.

  Sunil Sir,
  Authorization Groups are defined in SPRO under Cross Applications Comp ->SAP B P ->Basic Settings ->Authorization Mgmt ->Maintain Author Grps.
  And you assign Authorization groups to each relevant Business Partner. while creating a BP you can assign auth. gp under Identification tab.
  if you r satisfied with the answer pls assign the reward points i will be opening my account with your valued points
  good to c ur msg..
  cheers!
  Rishi

• Authorization Group in T-Code: OB52

  Hi,
  I need to maintain 2 Auth. Group in T-Code: OB52, my requirment is below:
  for some users (nearly 25) needs to post the transaction in June Month and for some users (nearly 10)should have to post for selected GL in the month of June.
  So we decide to create two roles and assign the Auth Group in F_BKPF_BUP Auth. group. But i need to know whether the system will allow to assign two Auth. Group for one Company code (ie., 2 Auth. Group and all common users)
  Please revert ASAP.
  Regards
  JS

  The help on AuGr field in OB52 is good.  Here it is
  Authorization Group
  The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. The authorization groups usually occur in authorization objects together with an activity.
  Use
  A posting period can be made available to only a limited set of users using the authorization group.
  Procedure
  If only a limited set of users is to be able to post in a particular posting period, proceed as follows:
  Add the posting period authorization (authorization object F_BKPF_BUP) to the authorizations of the selected users. Assign an authorization group (e.g. '0001').
  Enter the account type '+' for the posting period variant to which the restriction is to apply. Enter the period(s) whose use is to be restricted in the first period, those which are available to all users in the second period, and the authorization group (e.g. '0001') in the last column.
  Examples
  A posting period can be successively restricted. If, e.g. 10 users have the posting period authorization with authorization group '0001', and 3 of these 10 users also with authorization group '0002'.
  If the period is only to be accessible to the 10 selected users the authorization group '0001' is entered in the posting period variant. Access can later be restricted to the remaining 3 users by entering '0002'.
  I guess your requirement can very well be met, as explained in the example above.  Also implement the following SAP Note to be able to assign the authorization group at document header level (account type '+') and at line item level in Transaction OB52.
  https://service.sap.com/sap/support/notes/891505
  Srikanth
  PS: I have seen in a reply above that AuGr controls only special periods, which is not a correct statement.  AuGr controls postings in the period specified in From per.1/Year To period/Year in OB52.

• Authorization group in OB52

  Hi,
  We want to give April 2009 authorization for one user and rest of the users should be post in this monthly.
  for that we have created 1 authorization groups in OB52 we entered like this:
  0001 + 1 2009 1 2009 3 2009 3 2009 3333 (Aut. group)
  we assigned 3333 in user profile also.
  guide me
  sateesh

  Hi Sateesh,
  It should be the other way around. The first section of the periods is controlled by the authorisation group. I understand that the user profile with the authorisation 3333 should be able to post in April ie 04/2009. Others should not be allowed to post, right?
  Maintain as follows in OB52 -
  0001  +  <GL Accounts>  04  2009  04  2009  06  2009  06  2009  3333
  0001  D  <GL Accounts>  04  2009  04  2009  06  2009  06  2009  3333
  0001  K  <GL Accounts>  04  2009  04  2009  06  2009  06  2009  3333
  0001  M  <GL Accounts>  04  2009  04  2009  06  2009  06  2009  3333
  0001  S  <GL Accounts>  04  2009  04  2009  06  2009  06  2009  3333
  0001  A  <GL Accounts>  04  2009  04  2009  06  2009  06  2009  3333
  Regards,
  Mike

• Gl  master record with authorization group field, how to download this data

  Dear Experts
  I would like to  down load general ledger master record with the following details.
  gl account   
  text
  authorization group
  i did not find a way to down load this information with the values in the authorization
  group filed.
  submitted for experts advise and help.
  joyal
  Moderator: Please, use standard SAP reports/tables and search before posting

  Dear:
                     Please check
                     S_ALR_87012328 - G/L Account List
                     OB_GLACC13 - Descriptions
                     You can select Auth group from the selection in OB_GLACC13 - Descriptions  and download the same.
                      Regards

• Define and assign user authorization groups in FI

  Hi All,
  In order to allow some specific group of users to post in AUGR allowed periods, how do I define and assign user authorization groups in FI?
  Thanks,
  Teo

  Hi Teo,
  Here i am giving some authorisations in fi
  F_AVIK_BUK FI Payment Advice: Authorization for Company Codes
  F_BKPF_BED FI Accounting Document: Account Authorization for Customers
  F_BKPF_BEK FI Accounting Document: Account Authorization for Vendors
  F_BKPF_BES FI Accounting Document: Account Authorization for G/L Accounts
  F_BKPF_BLA FI Accounting Document: Authorization for Document Types
  F_BKPF_BUK FI Accounting Document: Authorization for Company Codes
  F_BKPF_BUP FI Accounting Document: Authorization for Posting Periods
  F_BKPF_GSB FI Accounting Document: Authorization for Business Areas
  F_BKPF_KOA FI Accounting Document: Authorization for Account Types
  F_BKPF_VW FI Acc. Document: Change/Display Default Vals for Doc.Type/PKey
  F_BL_BANK FI Authorization for House Banks and Payment Methods
  F_BNKA_BUK FI Banks: Authorization for Company Codes
  I hope it will help.
  BR,
  Satya

• Restricting Users based on GL Authorization Group

  Gurus,
  I have got requiremnt from our finance consultant/team for restricting users from accesing particular GL accounts in a company code. There are some GL which users are not supposed to view.
  We have created authorization group in FS00 -Control data , but we cannot see that group in object F_BKPF_BES(Account authorization for GL accounts).
  Please help.
  Regards

  Hi,
  Step1: Create Tolerance Groups
  Step2: Assign Users to Tolerance Groups
  Step3: Remove/Add T Codes in Users Master Data (T Code: SU01)
  Thanks
  Chandra