Authorization group in GL A/C using FB01

HI, We have  activated the authorization Group in GL A/c. Using the authorization object F_BKPF_BES we were able to create restrictions on other tcodes like F-28 . However when using the u201CFB01u201D tcode, the authorization check does not have any effect. I have already check the authorization in SU24 for fb01 and status is set to YES. I have also created a trace(using ST01) for this transaction but ST01 does not show any authorization trace for F_BKPF_BES.

Hello,
Authorization object:F_BKPF_BES should be checked when you run FB01.
In your case,please try to check the following points:
1.Authrization group was assigend to G/.L master data correctly.
2.Authrization group  was assigend to object:F_BKPF_BES correctly.
3.Avtivity was defined in this object correctly.
4.Role was assgined to user correctly.
5.SAP_ALL authorization was deleted from the user profile.
Note: it is impossible to define the authorization group as '  '(space) in object:F_BKPF_BES,
if '  ' was defined, system will consider there are no any setting existed.
Hope the above infor. could help you to solve this issue.
Best Regards,

Similar Messages

  • Authorization group restriction

    Hi ,
    I would like to know how to restrict authorization group FCAR and FCAP.We could see it is related to F_BKPF_BES object .It seems the same authorization object should be given the following access
    --display access for documents asigned to authorization group FCAP
    --should not allow display for documents assigned to authorization group FCAR
    If we restrict using FCAP (displays access)the second condition works fine but the first one it displays line items only for G/L accounts.Vendor line items does not get displayed.
    Please let me know your thoughts on this.

    Hi Mekha,
    You can add another object F_BKPF_BES manually and in the first one give
    display access for documents asigned to authorization group FCAP  and in another no display for documents assigned to Auth group FCAR
    **Reward points accordingly
    Junaid

  • Properties of authorization group.

    Hi Experts,
    I have one query regarding authorization group creation.
    In my old system i have one authorization group as X. I wanted to create the similar type of authorization group in new system.
    Using tcode S_ALR_87099664 I can create the authorization group. But first I wanted to see the properties/attributes of authorization group X in old system.
    Please suggest where exactly i can see the properties/attributes of authorization group.
    Regards,
    Poonam

    Hi Neha,
    refer to this link
    Re: T.code for Create Authorization Group
    http://www.sapmaterial.com/authorization_checks.html
    hope this wil use ful to you.
    Thanks

  • Which table could i find 'Authorization Group'  used for Material master?

    Hi experts,
    Is there any table available could i find all 'Authorization Group' list as used by material master data.
    OR in SPRO, anywhere could i find 'Define authorization group' for material master data specific??
    Thanks.

    Hi
    Authorization group in the material master are maintained at the material type level.
    SPRO->IMG-> Logistics - General-> Material Master-> Basic Settings-> Material Types-> Define Attributes of Material Types
    List of authorization roups can be found in table T134-Material Types
    this filed is a free defined 4 charcter field.
    Thanks & Regards
    Kishore

  • Cant use more than one authorization group per report with SBO CR Basic

    Cant use more than one authorization group per report with SBO CR Basic.
    I have installed on SAP Business One SBO 2007 SP00 PL49 the Crystal Reports Basic 2.0.0.7.
    i have defined two users, manager and supervisor.
    I have defined two groups, M and S.
    Manager belongs in managers (M), and supervisor is assigned to the supervisors (S).
    i enter to one report, disable the public option to enable group authorization, and then check M group.
    Manager can see the report, but Supervisor is not allowed. So far good.
    Then i uncheck M, then check S in the report properties, and Manager cant get in, supervisor opens the report, So far good.
    But when we check both Groups or more, only the M group authorization appears to work, and S group users cant acess, even the report is allowed for that group, also happens with all the groups appart the first (2nd, 3rd, 4th, etc.).
    It seems that a report can manage a single group, but i have to be shure to tell this to the customer.
    So far we have included all Manager users to the S group in order that only S group is used and authorized users can use, but this is duplicating user participation in groups, and it would be much easier to check the desired groups for a single report.

    Cant use more than one authorization group per report with SBO CR Basic.
    I have installed on SAP Business One SBO 2007 SP00 PL49 the Crystal Reports Basic 2.0.0.7.
    i have defined two users, manager and supervisor.
    I have defined two groups, M and S.
    Manager belongs in managers (M), and supervisor is assigned to the supervisors (S).
    i enter to one report, disable the public option to enable group authorization, and then check M group.
    Manager can see the report, but Supervisor is not allowed. So far good.
    Then i uncheck M, then check S in the report properties, and Manager cant get in, supervisor opens the report, So far good.
    But when we check both Groups or more, only the M group authorization appears to work, and S group users cant acess, even the report is allowed for that group, also happens with all the groups appart the first (2nd, 3rd, 4th, etc.).
    It seems that a report can manage a single group, but i have to be shure to tell this to the customer.
    So far we have included all Manager users to the S group in order that only S group is used and authorized users can use, but this is duplicating user participation in groups, and it would be much easier to check the desired groups for a single report.

  • Using Authorization group field in Data entry profile

    Hi,
    I would need some help in configuring/using the authorization group field in data entry profile.
    After setting up the values in the drop down, how do we link to the authorization profiles or roles .
    basically, I would like to know the steps/activities required to use this field

    cross posting->thread locked.

  • Multiple Authorization groups to be used in OB52 for a single company code

    Hello All,
    I need help in creating and assigning authorization groups in Transaction Code: OB52 to control the postings of few users in one authorization group. That is i want some users  to post in 2 back  period and others in only 1 back period.I have tried from my side and it is still not working.
    I followed the following step:
    I have created 2 groups and assigned the users accordingly but the thing is i am only able to find 1 feild for entering authorization group
    If there is any thing i am missing or if i have done some thing wrong in this process please help me.
    Please Provide me the logic of how to use two authorization groups with one feild.
    Best Regards,
    Ravi
    Edited by: Ravi Eddhula Reddy Kumar on Apr 3, 2011 1:01 PM

    Hi,
    Try with this possibility
    In ob52 create two rows.
    Assign the required periods for Group A in Row 1
    Assign the required periods for Groub b in Row 2
    Regards
    Prasad

  • Use of Authorization Group in OB52

    Dear Experts,
    I have updated Authorization Group as "OB52" in the last column of OB52 T-Code against each posting period variant with account type + , A,D,K,S,M etc with normal period 1 to 12 and special period 13 to 16.
    The same Authorization Group "OB52" is updated in one of FI users say Mr X Role profile under authorization object F_BKPF_BUP.
    Now as per the SAP standard practice the special period 13-16 should open for the user Mr X and block for all other users. But system is allowing to do transaction with special period 13-16 for other users also.
    Please advise where I am wrong.
    Regards,
    Alok

    Dear,
    I will explain you the step involved for auth Mr.X to post for the particular period.
    Let take an example  that Mr.X has to be allowed to post between the period 1 to 11 and other user only for the period 11(Apr - March as fiscal year).
    Now,for valuation variant with account  ' +'  for the first period, you enter from period as '1' and to period as '10' and in second period, you enter from period '11' and to period '11', provide the auth group (eg KU - key user)  in the last column.
    For other accounts (A,D,M,K,S) change the first period from '1' to '12' and dont assign any auth group.
    Now you goto se16n and check in TBRG table whether your auth group KU is available for the object F_BKPF_BUP,if not maintain it.
    The last step is to assign "KU" to Mr.X profile or role against the object F_BKPF_BUP.
    Once you made the change"generate" and save it.
    Now the system will permit Mr.X to post for the periods between 1 to 11 and other user only for 11 period.
    Hope that i am ab;le to clear your boubt.
    Do revert for any further assistance.
    Take care
    God Bless
    Regards

  • Use of Authorization groups - do we need check on S_PROGRAM as well?

    Hi!
    As a rule we always implement authorization group in the attributes of our ABAP programs. We also insert an include which contains a check:
    AUTHORITY-CHECK OBJECT 'S_PROGRAM'
           ID 'P_GROUP' FIELD  W-SECU
           ID 'P_ACTION' DUMMY.
    where W_SECU is the given authorization group.
    My question is : do we really need this check in saperp2005 systems? I have a feeling that this check is included in the SE38 transaction already now.   Why I think this: someone forgot th copy the content of the mentioned include into our upgraded system, and if I try to run a program with a specfied authorization group I do not have access to , I get a message about this automatically from SE38.
    Regards, Tine

    Hi,
    that must be wrong. You must differentiate between calling transaction SE38 (for which you need an authorization) and executing the program (which you insert as an include). On one side, transaction SA38 is the one your users must call for this. On the other side, I´m also working with MySAP 2005 and SE38 does not check the authority for the program.

  • Authorization Group for G/L Account

    Hi,
    What?
    - I wish to restrict the 'posting' of a G/L account to be done by certain users only
    How?
    - What I have done was...
    a) From FS00, I have added a free-text (BANK) into the Authorization Group for a G/L account
    b) From PFCG, a new role was created to allow these 2 Authorization Objects, F_BKPF_BES and F_SKA1_BES
    c) 'BANK' was entered for the Authorization Group for both these 2 Authorization Objects
    d) From there, I have assigned this new role to the user that I wish to allow Posting of the G/L account
    Problem?
    - Other users still can do Posting for this G/L account
    - Any steps which I have missed out here or done wrongly?
    Thanks,
    Brandon

    Hi,
    Some other roles of the users may override and cause the users to post against this GL account.
    Check all the roles relevant for the restricted users. 
    Use SUIM t-code to find if the auth object mentioned above is included in any other role.
    If it be, restrict that again.
    Generally if one role as no restriction against this auth and not all, this issue tends to happen.
    Regards,
    Sridevi

  • Creation of Authorization group

    Hello All,
    I have a requirement from FI consultant for creation of new authorization group. This auth. group we want to use in FI objects like F_BKPF_BEK. so that for few end users they should not change any vendor data in FK02.
    I have gone through several posts, but not able to get / understand clear steps for creation of auth group and assignment.
    One of the post i found is below:
    [How to create Authorization group;
    i tried to do few steps but not in right direction. Request you some one please suggest me the steps for cration.
    Rgds,
    Durga.

    Julius,
    Thanks for the update. As suggested by you i have inserted one entry of auth group in TBRG table against FI object with SE16.
    Now how do we maintain the view of V_TBRG. Is it from SE11?, if yes then i should do this step from ABAP login.
    But what i heard is, this activity is purely involved by Basis people.
    Please suggest.
    Rgds,
    Durga.

  • Authorization Group (BEGRU) search help  required in Easy DMS

    Hi all,
    I had defined some value in authorization group (BEGRU) in SAP. When i opened the Document using CV01N/ CV02N transaction, then F4 help is available to me.
    but when i opened the same document via SAP Easy DMS 7.0, Search help functionality is not there.
    How could i activate this.
    Pls.. Suggest.
    Regards,
    S Anand

    Hello Sheo,
      EasyDMS does not provide search help for Authorization object as of  the latest release. The search help achieved by customization of the domain BEGRU does not reflect in EasyDMS.
    To achieve this, you can enhance easydms interface by using either easydms plugins or EasyDMS custom tab.
    refer:
    http://wiki.sdn.sap.com/wiki/display/PLM/EasyDMSPlugin%28Addin%29-Advanced+Development
    note: 1355293
    Regards
    Surjit

  • BAPI to create bp with name, search term, address and Authorization Group

    Hi
      which BAPI could be used to create Business Partner (type organazation) with names, search term, address and the Authorization Group field.
      ths

    Hello ,
    You can use : BAPI_BUPA_CREATE_FROM_DATA
    In case you need to update additional fragments just search in trn code SE37  for BAPI_BUPA_*CREATE.
    For example BAPI_BUPA_FRG0040_CREATE - Create classification data for BP , etc'.
    Additional you can use XIF :CRMXIF_PARTNER_SAVE to create business partners
    Rika

  • Hide price in ALL Tx accg to material authorization group or material group

    Hello,
    I'm currently working on a customer's need which consists in hiding the material price in all transactions (MM, SD, FI...), according to the material master authorization group OR the material group.
    The difficulty remains on the fact that users manage the transactions for other materials for which they can see the price.
    I've tested some solutions posted on the forum (Tx OMET + user parameter EFB, use of authorization objects M_BEST_EKG + M_BEST_EKO + M_BEST_BSA) but none is satisfying enough.
    Please tell me you have an idea that would prevent me from doing transaction variants + enhancements!!
    Thanks for your help
    Annabelle

    > I am unable to find out the Material or the Material Type that is linked with a material authorization group (QMATAUTH).
    >
    > Do we have a table where I can find the Material Types or the Materials contained in each material Authorization Group (Q_MATERIAL -> QMATAUTH).
    You can get teh details on QM authorization group through table TQ01D. YOu can go through the following post for list of QM tables and tcodes.
    QM Tables and T codes
    Thanks.
    Anjan

  • Authorization Group Material Master

    Hello,
    i am trying to restrict a user from accessing a single material. I am using Authorization Object M_MATE_MAT for this. When I use transaction mm03 to go on the material master I see a field for the Authorization Group but when I go to the same view in mm02 (View: Basic Data 1) I don't see the field Authorization Group or the section Material Authorization Group. Where can I enter the Authorization Group for a Material Master.
    Thanks everyone - I'd really appreciate an answer,
    Johannes
    Edited by: Johannes Hintsch on May 15, 2009 12:17 PM

    HI..
    You will have to make the field to display in OMS9.
    Double click on MM02 - - >then for number 36 make the field as optional entry or required entry as desired.
    Right now it must be showing in Hide.
    After changing you will be able to see in MM02 and make the entry there.
    Hope it helps,
    Swapnil

Maybe you are looking for