Custom Tcode Authorization Error

Dear Security Gurus,
We are getting an authorization while testing Custom Tcode. This tcode is used for Uploading data.
The authorization error shows missing Activity field value and a field called Operating Concern.
The SU53 and the Trace(ST01) show the same error even though the role that is assigned to the user has exactly the required values.
Also Authority Check in the Program of the tcode is maintained for only the Activity field and Operating Concern field.
Hence we are unable to figure out why the auth. issue occurs even though the role assigned to the user has the missing values
Please let me know how I can resolve this authorization issue.
Regards,
Arjun

Hi ,
Below is the Authority check section of the tcode :
START-OF-SELECTION
  PERFORM F_AUTHORIZATION_CHECK
    AUTHORITY-CHECK OBJECT 'YTIPRC01' ID 'CEERKRS' FIELD P_ERKRS ID 'ACTVT' FIELD '01'
  PERFORM UPLOAD_DATA
    CALL FUNCTION 'GUI_UPLOAD'
      AUTHORITY-CHECK OBJECT 'S_GUI' ID 'ACTVT' FIELD '60'
Even though I have the ACTVT value 01 and the corresponding CEEKRS (Operating Cncern ) Value in the role I still get the error.
Thanks,
Arjun

Similar Messages

  • Custom TCode for Excel File Upload/Import - WebGUI Error

    We get an ABAP runtime error when uploading an excel file with a custom tcode using WebGUI.  It works ok with WinGUI.  Any ideas what could be causing that error?
    Runtime Errors         RAISE_EXCEPTION
    Date and Time          01/05/2011 17:27:16
    Short text
         Exception condition "JAVABEANNOTSUPPORTED" raised.
    What happened?
         The current ABAP/4 program encountered an unexpected
         situation.
    What can you do?
         Note down which actions and inputs caused the error.
         To process the problem further, contact you SAP system
         administrator.
         Using Transaction ST22 for ABAP Dump Analysis, you can look
         at and manage termination messages, and you can also
         keep them for a long time.
    Error analysis
         A RAISE statement in the program "C_OI_CONTAINER_CONTROL_CREATORCP" raised the
          exception
         condition "JAVABEANNOTSUPPORTED".
         Since the exception was not intercepted by a superior
         program, processing was terminated.

    You can use the below code. One more thing while running make sure there is no unsaved excel sheet open in your system.
    FORM sub_create_container .
    Create Instance control for container
      CALL METHOD c_oi_container_control_creator=>get_container_control
        IMPORTING
          control = iref_control
          error   = iref_error.
      IF iref_error->has_failed = c_check.
        CALL METHOD iref_error->raise_message
          EXPORTING
            type = 'E'.
      ENDIF.
    Create generic container linked to container in screen 100
      CREATE OBJECT oref_container
        EXPORTING
          container_name              = 'CONT'
        EXCEPTIONS
          cntl_error                  = 1
          cntl_system_error           = 2
          create_error                = 3
          lifetime_error              = 4
          lifetime_dynpro_dynpro_link = 5
          OTHERS                      = 6.
      IF sy-subrc <> 0.
        MESSAGE e000 WITH 'Error while creating container'(012).
      ENDIF.
    Establish connection to GUI Control
      CALL METHOD iref_control->init_control
        EXPORTING
          inplace_enabled      = c_check
          r3_application_name  = 'EXCEL CONTAINER'
          parent               = oref_container
        IMPORTING
          error                = iref_error
        EXCEPTIONS
          javabeannotsupported = 1
          OTHERS               = 2.
      IF iref_error->has_failed = c_check.
        CALL METHOD iref_error->raise_message
          EXPORTING
            type = 'E'.
      ENDIF.
    Create Document Proxy
      CALL METHOD iref_control->get_document_proxy
        EXPORTING
          document_type  = soi_doctype_excel_sheet
        IMPORTING
          document_proxy = iref_document
          error          = iref_error.
      IF iref_error->has_failed = c_check.
        CALL METHOD iref_error->raise_message
          EXPORTING
            type = 'E'.
      ENDIF.
    ENDFORM.                    " SUB_CREATE_CONTAINER
    FORM sub_create_document  USING    p_sheet TYPE i.
      DATA:  l_title   TYPE char40,
              l_char    TYPE char2,
              l_time    TYPE i,
              l_sheet   TYPE char12.
    Calculate the number of sheets to be created
      l_time = p_sheet - 1.
      CONCATENATE 'Assembly Table'(015) v_char INTO l_title
      SEPARATED BY space.
    Create document
      CALL METHOD iref_document->create_document                 " Open use Open_document method
        EXPORTING
          open_inplace   = c_check
          document_title = l_title
          no_flush       = c_check
        IMPORTING
          error          = iref_error.
    Open Spreadsheet interface
      CALL METHOD iref_document->get_spreadsheet_interface
        EXPORTING
          no_flush        = c_check
        IMPORTING
          sheet_interface = iref_spreadsheet
          error           = iref_error.
    Get number of sheets
      CALL METHOD iref_spreadsheet->get_sheets
        EXPORTING
          no_flush = c_check
        IMPORTING
          sheets   = i_sheets
          error    = iref_error.
    Reaname he sheet
      READ TABLE i_sheets INTO wa_sheets INDEX 1.
      l_char = p_sheet.
      CONCATENATE 'Sheet' l_char INTO l_sheet.
      CALL METHOD iref_spreadsheet->set_sheet_name
        EXPORTING
          newname  = l_sheet
          oldname  = wa_sheets-sheet_name
          no_flush = c_check
        IMPORTING
          error    = iref_error.
      REFRESH i_sheets.
      CLEAR: l_char,
             l_sheet.
    Add sheets
      DO l_time TIMES.
        l_char = sy-index.
        l_char = p_sheet - l_char.
        CONCATENATE 'Sheet' l_char INTO l_sheet.
        CALL METHOD iref_spreadsheet->add_sheet
          EXPORTING
            name     = l_sheet
            no_flush = c_check
          IMPORTING
            error    = iref_error.
      ENDDO.
    Get number of sheets
      CALL METHOD iref_spreadsheet->get_sheets
        EXPORTING
          no_flush = c_check
        IMPORTING
          sheets   = i_sheets
          error    = iref_error.
      SORT i_sheets BY sheet_name DESCENDING.
    ENDFORM.                    " SUB_CREATE_DOCUMENT
    FORM sub_save_document .
      DATA: l_changed     TYPE int4.
    Save the document
      CALL METHOD iref_document->save_as
        EXPORTING
          file_name = p_file
          no_flush  = c_check
        IMPORTING
          error     = iref_error.
    Close the document
      CALL METHOD iref_document->close_document
        EXPORTING
          do_save     = c_check
          no_flush    = ''
        IMPORTING
          has_changed = l_changed
          error       = iref_error.
    ENDFORM.                    " SUB_SAVE_DOCUMENT
    Thanks
    Subhankar

  • Error for customer specific Authorization check (User Exit)

    Dear Experts,
    I am facing a problem in PM.
    I have created a maintenace plan for calibration via t code IP42 and mentioned the order type PM05. Scheduling is done for the order. I got the order number.
    I have released the order and got the inspection lot number.
    While entering the results recording through t code QE17, the reluts are out of the specified range, i have given the valuation Rejected, immediately system is giving an error message as below:
    "Error for customer specific Authorization check (User Exit)"
    Though there is no user exit activated in the system, this message is coming and not allowing the result recoring for rejection.
    If I'm entering the result recording within the specified range, then valuation is Accepted and its allowing to save.
    I have checked the following user exits:
    QQMA0002: QM: Authorization Check for Entry into Notif. Transaction
    QQMA0026: PM/SM: Auth. check when accessing notification transaction.
    The above 2 User Exits are not active.
    I have also checked a note 429066. But it says incase of any dump for that user exit only its applicable and more over the current version of the system is ECC 6.0 packae 15, where as that note is applicable upto 4.6C.
    Please some one help me on this issue.
    Thanks and Regards,
    Praveen.

    Dear Pete,
    I have cheked with my technical team, There is no hotpacks updated recently. This is the implementaion project I'm in, so performing the cycle for the first time.
    Any how I got it solved, in T code QE17, after entering the Inspection lot in next screen goto menu path Settings - User settings - Defects recording mention the reprt type and tick on Reprt type Changable.
    At the time of result recording if the valuation is Rejected then it ask for defects recording close that window if not rwequired then save, the error message no longer apperaing now.
    Regards,
    Praveen

  • Authorization Error in Usage Decision tcode

    Hi All,
    While giving the UD for an inspection lot, our user is getting an authorization error where in a different plant other than the plant related to the inspection lot and other master data is related.
    I do not know if anything has gone wrong. Did anyone come across such an issue?
    Regards
    Ramakanth

    This is exactly the correct solution.
    I believe you have done this setting in your inspection type which prevert Selected sets of other plant to pop up while doing the UD .
    SPRO > QM > Quality Inspection > Inspection Lot Creation > Maintain Inspection Types > Inspection Types > Tick  in Selected set in the same plant
    thank you Gajesh Nagesh

  • Authorization error while opening a query

    Hi All,
    We have a new installation of BW NW2004s up and running. We are on Patch 7 on the back-end and patch 2 on the front-end. We can develop almost all objects on the back-end (with dumps here and there) but we can not execute any queries (both content and custom queries) the error message we get is "error occurred in the communication with the BW server, could not determine a value for variable 0DAT from the authorizations". This is in the sandbox so we all have "SAP ALL" authorization.
    Has anybody come across this issue? What could be the cause/solution?
    Thanks,
    Paul.

    Hi,
    Do you have 0DAT variable installed from a business content?
    If not, install it.
    Best regards,
    Eugene

  • Authorization error when exporting business system

    Hi ,
    I am on XI 7.0 spo9.I am trying to transport from dev to qa .
    I am able to easily export (login using xisuper ) Technical system.
    However while exporting Business system .when it gives me to download a file I get an authorization error .
    Kindly help

    Hi,
    Check XISUPER has the below roles in SU01.
    SAP_BC_AI_LANDSCAPE_DB_RFC
    SAP_SLD_ADMINISTRATOR
    SAP_SLD_CONFIGURATOR
    SAP_SLD_DEVELOPER
    SAP_SLD_ORGANIZER
    SAP_SLD_GUEST
    add the above roles for XISUPER and get the green color those roles using Tcode : PFCG.
      The above roles should be in green color.
    Regards,
    Venu.

  • Procurement Coordinator received Authorization Error when creating Bid Inv

    Hi All,
            In SRM I have an issue Please help me in solving this. Please see below
                  Procurement Coordinator received Authorization Error when creating Bid Invitation from Sourcing Cockpit.  Message states u201CMissing Transaction BBP_BID_EXTSOu201D; however Bid # is still created. User requests that Authorization issue is resolved and Bid # appear for Procurement Coordinators.  This problem does not happen for Commodity Managers

    Hi
    Please do the following steps.
    When you are using the Internal ITS,you need not run the report W3_PUBLISH_SERVICES.(only SIAC_PUBLISH_ALL_INT )
    ALso pls check the foll:
    -->activate the services through SICF tcode.
    > Go to SICF transaction and activate the whole tree under the node Deafult host>sap>bc>gui>sap>its.
    >Also maintain the settings in SE80>utilities>settings>internet transactuon server-->test service/Publish.
    Table TWPURLSVR should have entries for the / SRM server line as well as gui and web server.
    Could you please review again the following steps ?
    Did you check that ICM was working correctly (TA SMICM) ?
    1-Activate the necessary ICF services
    With transaction SICF and locate the
    services by path
    /sap/public/bc/its/mimes
    /sap/bc/gui/sap/its/webgui
    2- Publish the IAC Services
    With Transaction SE80 locate from
    the menu Utilities -> Settings ->
    Internet Transaction Server (Tab) ->
    Publish (Tab) and set “On Selected
    Site” = INTERNAL.
    3- Locate the Internet Services SYSTEM and WEBGUI.
    Publish these services with the Context
    Menu -> Publish -> Complete Service
    4- Browse to http://<server>:<icmport>/sap/bc/gui/
    sap/its/webgui/! and login to the
    webgui.
    Hope this will help.
    Please reward suitable points.
    Regards
    - Atul

  • VENDOR and Customer master Authorization

    Hi Experts
    I have requirement about vendor & customer master authorization.client requirement is if  a user had created vendor  or customer under a purchase organization or sales organization so in this case other Purchase org users shouldn't see any details about this vendor and even they shouldn't be allowed to post to this invoices.even in FBL1N and FBL5N user shouldn't see other region vendor or customer line items.how to handle to this can any one help me on this.
    Thanks in advance
    Regards
    Diwa

    Hi,
    Just a thought;
    Why can't you create a user specific validation for FB60 or other t.codes if wanted, which says that;
    If the condition 'Vendor code starts with say 1* series', is met;
    then display an error message 'Posting not possible for this Vendor Group XXXX'
    This way, you can prevent certain users from posting transactions to a certain vendor groups.
    Thanks,
    Nirav

  • Custom OWSM Authorization Policy Not Visible in OSB 11g

    I am trying to configure custom OWSM authorization policies to grant web service access in OSB to userids associated with custom WebLogic groups. Both OSB and SOA are version 11.1.1.5 with an Oracle Enterprise 11g database backend. To help rule out some possible operational errors, here are things that ARE working with the combination of SOA and OSB servcies:
    * the underlying SOA service functions in the /em console test page
    * the OSB proxy service works from the /sbconsole test page with OWSM oracle/wss_username_token_policy enabled
    * the oracle/log_policy can be added to the OSB business service and generates log entries
    * the outer proxy service can be successfully invoked from a remote client with no security policies,
    with HTTP transport security and authorization policies and with OWSM authentication policies
    attached (given the correct request payloads)
    These findings would appear to rule out connection errors from the OSB engine to the jdbc/mds/owsm DataSource or proper startup of the "OWSM Policy Support in OSB Initializer Application" service within WebLogic. (By the way, that deploys with a typo in its registered name -- "Aplication" with a single p.)
    Here are the steps that were performed:
    1) created group myfirmIdentityData in WebLogic console (/console)
    2) created userid myappuser in WebLogic console
    3) added myappuser to the myfirmIdentityData group in WebLogic console
    4) cloned the oracle/component_authorization_permitall Security policy to myfirm/authorize_IdentityData
    using the Fusion console (/em on the SOA domain)
    5) edied myfirm/authorize_IdentityData to add the "role" myfirmIdentityGroup to the
    list of permitted roles (***)
    *** note -- "roles" referenced within the OWSM policy configuration dialogs actually correspond to "groups" at the WebLogic Server level. A bit confusing at first but harmless.
    6) accessed the SOA service in the Fusion console (/em), clicked on the Policies tab and verified
    the myfirm/authorize_IdentityData policy is available for application to the SOA service (BUT DID
    NOT ATTACH IT HERE -- I'm trying to attach it at the "outer" layer in OSB, not SOA Suite)
    7) accessed the Service Bus console (/sbconsole), started a change session, selected the
    proxy service, then clicked on the Policies tab, then clicked the Add button in the
    Service Level Policies section
    At that point, the only services listed are the factory supplied oracle/********* policies. There are two pages listed and flipping between the two doesn't show any other policies other than the oracle/***** policies.
    I even tried stopping and starting the domain thinking maybe OSB caches all of the OWSM policies at startup rather than querying the mds_owsm schema dynamically to no avail. No myfirm/****** policies are displayed after a domain restart.
    Any insight?
    Thanks.

    Once again, I wound up opening a Support Request with the TAC for direction on this issue. The policies were not appearing for assignment to OSB proxy / business services because they were being created against the wrong type of object within OWSM.
    In a nutshell, policies in OWSM can be created to be applied against:
    * Components --- only usable against SOA services
    * Service Endpoints --- against URLs used as access points into services
    * Service Clients -- against consumers of services as identified by credentials
    * All -- all of the above
    However, policies built against Components can only be applied to SOA composite services. When I cloned the existing oracle/component_authorization_permitall Security policy to myfirm/authorize_IdentityData policy then limited it to the myfirmIdentityGroup group, that policy would only be assignable to SOA composities since it applied to only Components.
    To allow the group based authorization policy to be enforced in the outer OSB tier, the oracle/binding_authorization_permitall_policy was cloned to myfirm/authorize_IdentityGroup. That policy was defined to apply to endpoints and once saved, appeared in the GUI of the Service Bus console to assign to the proxy service for the service being implemented. A second component policy named myfirm/componentauthorize_IdentityGroup was cloned from oracle/component_authorize_permitall_policy to perform the group authorization at the SOA layer.
    A different issue is being encountered configuring the OSB business service to forward the OWSM headers from the outer proxy service to the SOA service so the authorization succeeds at the inner layer but that's a different problem. With the SOA layer authorization policy disabled, client tests to the proxy service function correctly with a userid in the myfirmIdentityGroup group and generate an authorization failure when another client credential is used that does not belong to myfirmIdentityGroup.

  • F-32 Tcode Authorization

    Dear Sir,
    For F-32 Tcode Authorization. 
    I Require the control to be available on PROFIT CENTER. specifically Dummy Profit Center.
    I request you to kindly guide me as such a control can be made available .
    With Thanks and Regards
    Suman A

    Read some documentation
    - [Creating a Customer-Specific Authorization Object|http://help.sap.com/saphelp_47x200/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/frameset.htm]
    - [Validations, Substitutions, and Rules|http://help.sap.com/saphelp_47x200/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/frameset.htm] and [Validation|http://help.sap.com/saphelp_erp60/helpdata/en/eb/13795543c411d1896f0000e8322d00/frameset.htm] in [Profit Center Accounting (EC-PCA)|http://help.sap.com/saphelp_erp60/helpdata/en/eb/13706b43c411d1896f0000e8322d00/frameset.htm]
    Regards,
    Raymond

  • Custom TCODE-Auth Object Assignment

    Hello All- I see a very weird thing with custom TCODE assignment, here is what I see:
    1)We have Display role which has all functions tcodes in it, which goes to every one on PRD.
    2)Usually we assign custom tcodes which are not critical to this role, and this custom tcode would have no auth objects assigned or checked during access.
    3)When I assign custom tcode to test role, I see its not pulling auth objects in PFCG which is what I expected.
    ***4)However when I assign this custom tcode to 'Display role' which have many standard tcodes in it, I see many of the auth objects "lights turning in to Yellow" (as you know its asking me to maintain value)
    5)I checked in SU24/SU22, to see if its pulling any auth objects...no objects are tied to this tcode.
    I dont know why this is happening?
    Again if I assign to test role, no objects is showing up in PFCG which is what I want!
    Any suggestions of to handle this issue, I will really appreciate your thoughts.
    Thanks,
    AJ

    AJ wrote:>
    > Hello All- I see a very weird thing with custom TCODE assignment, here is what I see:
    > ***4)However when I assign this custom tcode to 'Display role' which have many standard tcodes in it, I see many of the auth objects "lights turning in to Yellow" (as you know its asking me to maintain value)
    > 5)I checked in SU24/SU22, to see if its pulling any auth objects...no objects are tied to this tcode.
    >
    > I dont know why this is happening?
    >
    > Again if I assign to test role, no objects is showing up in PFCG which is what I want!
    >
    This is happening not because of the Custom TCodes you have added. The reason are either of the following:
    1. In previous cases when some other TCodes (SAP Standard) were added, the the profile regeneration was not carried out by entering Authorization data through "Expert Mode for Profile Generation" (or used with option "Edit Old Status" only). Instead, "Change Authorization Data" was used. And thus the Object proposals for New entries in Menu were not pulled into Profile Generator at that time. Now it's coming. Surely you entered with Expert Mode for Profile Generation --> Read Old status and Merge with New data.
    2. Other option can be: Earlier some Objects were changed which were present there only with "Standard" status. It should have been done by copying the Object and change the copied one. Then make the standard one "Inactive".
    3. The Inactive Object described in the 2nd point has been Deleted and the object with status "Changed" is left only. Now when you are entering with "Expert Mode for Profile Generation" it's pulling those standard proposals again.
    Let me know if the probable reason of Yellow traffic lights are clear to you or need more details.
    Regards,
    Dipanjan

  • Authorization Error Msg

    Dear Experts,
    I m new to Dialog Programming. i hv created a dialog program correspond to ABAP program. I hv also created a tcode for this.
    but when i run the tcode, its displaying a error msg.
    "You are not authorized to use transaction Y_TEST_DYNPRO"
    Can anyone help me in this.
    Regards
    Maverick

    Hi,
    Whenever you create any Transaction Code, you need to attach an authorization Object to it. As per the role (e.g. Developer or Administrator ) you need to attach the Authorization Object to it.
    Execute Tocde: SE93 -> Give you Tcode and in the edit mode assign the authorization object : S_DEVELOP, S_GUI as a basic minimum authorization object. If you are still getting the authorization errors, you need to get all the authozation objects from the BASIS Administrator and assign it to you Tcode.
    Have a look at the link below for a complete overview:
    http://help.sap.com/saphelp_nw04/helpdata/EN/52/671285439b11d1896f0000e8322d00/content.htm
    http://help.sap.com/saphelp_banking463/helpdata/en/5c/deaa74d3d411d3970a0000e82de14a/content.htm
    SAP Authorization Concept in Transaction Codes:
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/content.htm
    Hope this helps.
    Thanks and Regards,
    Samantak.
    Edited by: Samantak Chatterjee on Aug 24, 2009 3:42 PM

  • Why still check S_TCODE "SE16" for customizing tcode (only in ECC)

    I want to limit the access for SE16. So i need to create customizing tocde that allow user to access the specific table by SE16; I try to create this tcode in SE93;
    When this tcode assign to role and add the additional necessary auth obj. S_TABU_DIS, put the value for AuthGrp with *, Actvt = 03; When i do the testing, the system still check S_TCODE "SE16". means testing id also need authorization "SE16". If this T-code assign to testing user, then i cant limit the access for SE16;
    I also have do the testing in CRM and use the same way to create the customizing tcode. In CRM system, no need S_TCODE "SE16", only assign customizing tcode & S_TABU_DIS to testing user, is ok, this customizing tcode can be used by tester directly;

    Hello,
    create a parameter transaction in SE93. An example is the already existing parameter transaction SE16_MARA. You can specify the table in the parameters of the transaction.
    You will still need S_TABU_DIS. To enter the * isn't a good idea. The better way is to get the correct table dictionary class for the table you have assigned to the parameter transaction. Get the class in transaction SE54 (there you can also specify one, if no class is assigned yet) or from table TDDAT.
    If you have a class and a parameter transaction you should join them in SU24. Add object S_TABU_DIS to your transaction and specify activity and class for S_TABU_DIS. Then these values will be added to the role, if you add the transaction in the menu.
    regards
    Rainer

  • Risk analysis on custom tcode

    How to perform risk analysis on new custom tcode added to role. Need to know the steps.

    Hi hyd
    Maintain authorizations for your z-transaction according to your business needs in SU24.
    Run reports (static text and SU24 info):
    /VIRSA/ZCC_DOWNLOAD_DESC
    /VIRSA/ZCC_DOWNLOAD_SAPOBJ
    Upload them in RAR.
    Maintain rule set:
    Determain if the z-transaction will fit in an existing function, or if you have to create a new.
    Let say you have a variant of MIRO, ZMIRO. MIRO is in function AP02.
    Open AP02 in change mode RAR>>Rule Architect>>Functions>>Search "AP02"
    In the Actions tab: Click on + and add ZMIRO
    In the Permissions tab: Expand ZMIRO and enable objects according to your needs. 
    Save.
    Go back one step.
    Click Update rules.
    Have I missed something?
    edit: You only need to download/upload the static and object texts for new z-transactions (created after the last upload of these files).
    Edited by: Vit Vesely on Jun 9, 2009 8:54 AM
    Edited by: Vit Vesely on Jun 9, 2009 10:45 AM

  • AR Customer Maintenance Authorization Control

    Hi All,
    I'm using SAP ECC6 and Oracle 10.2.0.4.0.
    I wanted to control the authorization for Accounts Receivables (AR) Customer Maintenance.
    Currently, there are some tcodes under this role, such as:
    1) XD01 - Create Customer (Centrally)
    2) FD01 - Create Customer (Accounting)
    How can it be control from authorization point of view if I want to allow my user to have DISPLAY authorization only whenever they execute the above tcodes.
    For example:
    If user execute tcode: XD01 and key in the account group: End Customer, they will not be able to enter any information and save it.
    I understand that this tcode is fall under maintenance authorization group, but can it be controlled?
    Please kindly advice how can this be done.
    Appreciate for any of your help and advice.
    Thank you.
    Peter

    Hi Suresh,
    Thank you for your kind response.
    I've checked OB31 and found no entries. I've used tcode: SU21 and SU22 to chec the affected tcode: FD01 .
    I've also checked and analyzed authorization object F_KNA1_AEN and have configured a dummry role for testing in QAS.
    Authorization package in the dummy role:
    -> Maintained Customer: Change Authorization for Certain Fields            F_KNA1_AEN
    ->  Maintained Customer: Change Authorization for Certain Fields            T-QS25298300
    ->   Field group                VGRUP
    For Field group (VGRUP), I'm able to define the "Object Type": D for Customers, but I do not know what is the value for "Field Group"
    Please kindly advice how can this be done.
    Thank you.
    Cheers.

Maybe you are looking for