Document type authorisation

Similar Messages

• Document type Authorisation in FBL1N

  Hi Friends,
  We have one requirement to restrict the Document type authorization in FBL1N for one user.
  Since in SAP we have created the employee as the Vendor so we are passing the salary voucher vendor wise.
  We have tried to check the the authorization object through SU24 for transaction code FBL1N and found the F_BKPF_BLA after that, one authorization group is assigned to Document type in OBA7. there after, in table TBRG the authorization group has been assigned to authorization object. Now that authorisation group is being removed from the user id.
  but the same is not working.
  Please help.
  Thanks in advance !!

  Hi Janeet,
  You can able to restrict those values in 2 methods.
  1. Create document type authorization object in OBA7 and exclude this authorization object to business user through mentioned object F_BKPF_BLA
  2. Create separate account group for Employee vendors and assign one authorization group in Vendor master and restrict those values in FBL1N through authorization object F_BKPF_BEK
  You have to exclude those object from obhjects.
  Regards
  Mani

• Authorisation group and document type

  Dear Experts
  I want our users who are using transaction F.14 to be able to process document type ZF only. I have created a role and in the authorisation object F_BKPF_BLA
  i can see field authorisation group and activity. What value i should put in the authorizatuion group object which will allow me to restrict users to work in document type ZF only
  <removed_by_moderator>
  Edited by: Julius Bussche on Apr 30, 2008 4:53 PM

  Hi All,
  Didnt know whether to start a new post or continue this one.  Basically I have the same problem but I seem to be missing something fundamental (and I think it must be obvious!).
  Dev Team:-
  1) New transaction code created ZF10 by which amongst other things should only process the newly created document type ZF.
  Myself (Security Team):-
  1) All of our document types are defined in OBA7. 
  2) The specific document type is ZF that we want to restrict access to.
  3) In V_TBRG I have defined the custom authorisation group ZDTF against object F_BKPF_BLA.
  4) In SU24 I have defined against the custom transaction code ZF10 the authorisation object F_BKPF_BLA to be inserted with Activity values 01, 02, 03; and Authorisation Group ZDTF.
  5) Create new role and add ZF10 which then populates the auth object and values above.
  What I cant see / understand is how the document type is then restricted to ZF in the role as it isnt defined anywhere that the authorisation group ZDTF only allows access to document type ZF.
  Any help on this will be greatly appreciated.  PS Should I have created a new thread for this ?
  Cheers
  Steve

• Authorisation combined with document type, activity and status

  I want to create a role for a user who is only allowed to create and change document type ZDI  in status IW .
  Which object authorization can provided this check ?
  The object authorization C_DRAW_TCD  control only the activity (create/modify) and the document type (ZDI).
  The object authorization C_DRAW_STA control only  the document type (ZDI) and the status of the document (IW).
  But I need the combination of the both authorization. Does a possibility exist in standard to do it without create a client new authorisation?
  Thanks in advance for your help.
  Amande

  Thanks for your response.
  But it doesn't works as I want.
  The object authorisation C_DRAW_TCS  is checked before the save but not after save with the changed values.
  for example :
  the user has the following authorizations in the modification role:
    C_DRAW_TCS  activity 02 document type ZDI  document status IW 
    C_DRAW_TCD document type ZDI  activity 02
    C_DRAW_STA document type ZDI status IW
  The user has also the autorisation C_DRAW_STA document type ZDI status FI  in the display role
  With this configuration the user can modify the document ZDI in status IW and change the status into FI . I don't want that the user can change the status into FI. Does exist a possibility to avoid this?
  Of course, after storing this change of the status , the user can't access to the document ZDI with status FI.
  SAP doesn't check the authorization C_DRAW_TCS  activity 02 document type ZDI  document status FI  after status change.
  Thanks in advance
  Amande

• Authorisation to post to document type n authorisation to post to cost cent

  Hi
  I have two questions-
  1. I want that to a particular document type some user group should not have authorisation to post. I know in document type we have one field called authorisation group, but i dont know how to create such group.
  2. one user working at a particular plant say plant A should have authorisation to use certain cost centers only.
  Please guide.
  Thanks
  Sweta

  HI,
  1: you can use authorization groups for that purpose, see F1-help for this field in T-Code OBA7 (doc.type maintenance in customizing. See also the link to "authorization objects" in this F1-help. Nevertheless you need the knowledge of somebody who is familair with the SAP authorization concept, role creation,...
  2: see SAPNET-note 370082 how to create user authorization for cost center (groups).
  Best regards, Christian

• Authorisation objects for RV and DR document types

  Dear Consultants
  Could any one tell me that, what are the authorization objects for Document types RV and DR?
  we need to  give the base line date  change authorization for the documents which has been posted through RV and DR document types for  some particular users
  early reply will be highly appreciated
  Regards

  Maintained a role with that Authorization Object F_BKPF_BLA for
  Auth Group (0001). And gave activity Nil. ie do not want to
  allow any activity by that Group. Maintained Organizational
  Level Values for Co Code. Generated a profile. Assigned the
  Profile and Role in the User Master.Try running a trace using ST01 and confirming that F_BKPF_BLA is the
  only object for which the user is passing the authorization check (RC 0). It's possible that other authorization objects are granting access
  That need to be configured in customizing.
  Trx OBA7 or IMG path Financial Accounting / Accounts Receivable and Accounts Payable / Business Transactions / Incoming Invoices/Credit Memos / Carry Out and Check Document Settings / Define Document Types,use table TBRG
  use F_BKPF_BLA. Check if it is possible to have
  the t-codes in question check this object in su24

• Restrict the user   based on document type on migo transaction-prepare GRN

  Hi,
  We are running ECC6.0 R/3 system.We had a requirement as follows
  In MIGO transaction , we want to restrict the user on document type i.e. we want that a particular user can  prepare GRN for document type  STO only. He cannot prepare GRN for other document type.
  We checked  SU24->maintain check indicators for transaction codes->enter migo->execute->check indicator.This returned us the authorisation objects present in Migo transaction.We checked the help of all these objects,but none of them we found suitable for above mentioned requirement.We were planning to find out the proper authorisation object to add to Profile generater.
  The following is the objects which we have checked for.
  A_B_ANLKL-->     Asset Postings: Company Code/Asset Class
  A_B_BWART-->     Asset Postings: Asset Class/Transaction Type
  B_USERSTAT-->     Status Management: Set/Delete User Status
  B_USERST_T-->     Status Management: Set/Delete User Status using Process
  C_AFKO_AWK-->     CIM: Plant for order type of order
  C_CACL_DSG-->     Interface Design
  C_DRAW_BGR-->     Authorization for authorization groups
  C_DRAW_DOK-->     Authorization for document access
  C_DRAW_TCD-->     Authorization for document activities
  C_DRAW_TCS-->     Status-Dependent Authorizations for Documents
  C_KLAH_BKP-->     Authorization for Class Maintenance
  C_STUE_BER-->     CS BOM Authorizations
  C_STUE_WRK-->     CS BOM Plant (Plant Assignments)
  C_TCLA_BKA-->     Authorization for Class Types
  C_TCLS_BER-->     Authorization for Org. Areas in Classification System
  C_TCLS_MNT-->     Authorization for Characteristics of Org. Area
  F_BKPF_BUK-->     Accounting Document: Authorization for Company Codes
  F_BKPF_BUP-->     Accounting Document: Authorization for Posting Periods
  F_BKPF_KOA-->     Accounting Document: Authorization for Account Types
  F_FICA_FOG-->     Funds Management: authorization group of fund
  F_FICA_FSG-->     Funds Management: authorization group for the funds center
  F_FICB_FKR-->     Cash Budget Management/Funds Management FM Area
  F_KNA1_APP-->     Customer: Application Authorization
  F_LFA1_APP-->     Vendor: Application Authorization
  F_SKA1_BUK-->     G/L Account: Authorization for Company Codes
  G_GLTP  -->       Spec. Purpose Ledger Database (Ledger, Record Type, 
                                 Version)
  J_1IDEP_SL-->     Authorization object for depot sale transaction
  J_1IEXC_OT-->     Authorization object for Other Excise Invoice Create
  J_1IEX_PST-->     Autorization object for posting Other Excise invoice
  J_1IGRPT1-->     Auth. for PART1 at GR
  J_1IINEX  -->            Incoming Excise Invoice
  J_1IRG23D-->     Authorisation object for Depo Transactions
  K_CCA-->                     CO-CCA:  Gen. Authorization Object for Cost Center 
                                  Accounting
  K_CSKS     -->                CO-CCA:  Cost Center Master
  K_CSKS_SET-->     CO-CCA: Cost Center Groups
  K_PCA-->                    EC-PCA: Responsibility Area, Profit Center
  L_TCODE-->                    Transaction Codes in the Warehouse Management System
  M_ANFR_BSA-->     Document Type in RFQ
  M_ANFR_EKG-->     Purchasing Group in RFQ
  M_ANFR_EKO-->     Purchasing Organization in RFQ
  M_ANFR_WRK-->     Plant in RFQ
  M_BEST_BSA-->     Document Type in Purchase Order
  M_BEST_EKG-->     Purchasing Group in Purchase Order
  M_BEST_EKO-->     Purchasing Organization in Purchase Order
  M_BEST_WRK-->     Plant in Purchase Order
  M_MATE_CHG-->     Material Master: Batches/Trading Units
  M_MATE_STA-->     Material Master: Maintenance Statuses
  M_MATE_WRK-->     Material Master: Plants
  M_MRES_BWA-->     Reservations: Movement Type
  M_MRES_WWA-->     Reservations: Plant
  M_MSEG_BMB     -->Material Documents: Movement Type
  M_MSEG_BWA-->     Goods Movements: Movement Type
  M_MSEG_BWE-->     Goods Receipt for Purchase Order: Movement Type
  M_MSEG_BWF-->     Goods Receipt for Production Order: Movement Type
  M_MSEG_LGO-->     Goods Movements: Storage Location
  M_MSEG_WMB-->     Material Documents: Plant
  M_MSEG_WWA-->     Goods Movements: Plant
  M_MSEG_WWE-->     Goods Receipt for Purchase Order: Plant
  M_MSEG_WWF-->     Goods Receipt for Production Order: Plant
  M_RAHM_BSA-->     Document Type in Outline Agreement
  M_RAHM_EKG-->     Purchasing Group in Outline Agreement
  M_RAHM_EKO-->     Purchasing Organization in Outline Agreement
  M_RAHM_WRK-->     Plant in Outline Agreement
  Q_TCODE     QM -->         Transaction Authorization
  S_ADMI_FCD-->     System Authorizations
  S_ALV_LAYO-->     ALV Standard Layout
  S_BDS_DS-->     BC-SRV-KPR-BDS: Authorizations for Document Set
  S_BTCH_ADM-->     Background Processing: Background Administrator
  S_BTCH_JOB-->     Background Processing: Operations on Background Jobs
  S_CTS_ADMI-->     Administration Functions in Change and Transport System
  S_DATASET-->     Authorization for file access
  S_DEVELOP-->     ABAP Workbench
  S_DOKU_AUT-->     SE61 Documentation Maintenance Authorization
  S_GUI-->                     Authorization for GUI activities
  S_OC_DOC-->     SAPoffice: Authorization for an Activity with Documents
  S_OC_ROLE-->     SAPoffice: Office User Attribute
  S_OC_SEND-->     Authorization Object for Sending
  S_PACKSTRU-->     Internal SAP Use: Package Structure
  S_PRO_AUTH-->     IMG: New authorizations for projects
  S_RFC-->                     Authorization Check for RFC Access
  S_SCD0     -->                Change documents
  S_SPO_DEV-->     Spool: Device authorizations
  S_TABU_DIS-->     Table Maintenance (via standard tools such as SM30)
  S_TCODE     -->                Transaction Code Check at Transaction Start
  S_TRANSLAT-->     Translation environment authorization object
  S_TRANSPRT-->     Transport Organizer
  S_WFAR_OBJ-->     ArchiveLink: Authorizations for access to documents
  V_LIKP_VST-->Delivery: Authorization for Shipping Points
  V_VBAK_AAT-->Sales Document: Authorization for Sales Document Types
  V_VBAK_VKO-->Sales Document: Authorization for Sales Areas

  Have you executed a trace while a functional user executes the transaction code for the specific parameters? (i.e. document type). The trace will then show which objects are being checked; then look at the object documentation in txn Su21 to determine if there are any ways to restrict on the particular value; in some cases, if the authorization group field is being checked, additional configuration is needed in order to implement the security (Su21 will explain in detail for the particular object).

• Sales document type restriction to create sales order

  Hi Frinds,
  My client has one requirement ...they have different sales document type. For sales document type  free of charge delivery they want only some authorised person should be able to create sales order. Is it possible to set the authorisation to create sales order according to sales document type.
  Regards
  SV

  Yes, 
         As already suggested, it is very well possible to restrict the user for the use of certain sales document type from basis.
  & to add to the above,
  Create Z* table with Sales Org + Doc type = UserID.
  call this table in VA01 transaction & write piece of coding , if current USerID have entry in this table with the said combination - should not allow to proceed further.
  without any basis involvement also you can ahieve your requirement.
  Note: Sales Org is used for validation purpose only.
  Regards,
  Reazuddin MD

• MIGO_GR Authorization check for PO Document type

  Hi Friends,
  We would like restrict users processing GR's against certain PO document types. In brief, <b>X</b> group of users are allowed to process GR's against PO document type <b>'NB'</b>  only. This validation should take place soon after they enter the PO number or at the check level in MIGO_GR.
  Unfortunately, MIGO does not provide relevant standard authorization object... or EXITS to achieve this.
  Appreciate, if you share your expertice in this regard . Points will be awarded...
  Regards
  Kumar

  By defining custom authorisation object.

• Document Type restirction by company code

  Hi All
  We have a scenario where they are different companies with a group company and DMS is installed in all companies under single client
  While defining Document types, one group company should not be able to view the Document type of another..
  We can give authorisation based on Document types, but they dont even want to see the Doc, type name of the other company while using search option..
  How is the possible?
  Can we differentiate Doc types by company code ?? so that only Doc types specific for one particular company only will be reflected while using F4 , Search option??
  Please suggest
  Regards
  Aby

  Hi,
  There are many authorization objects like C_DRAW_TCD, C_DRAW_TCS, C_DRAW_STA & C_DRAW_DOK, which might be helpful in your case.
  Regards
  Surjit

• Restriction of Document type

  Dear Sir
  we have created document type by one user and i want to restrict for other user for change in that document type with user specific
  eg. user 1 created document with doc type dev and save
         user 2 has creation authorisation of save doc type but he/she should not have authorisation to edit user 1 docue

  If I have understood your requirement correctly, you want to say that:
  There are two users say, USER1 & USER2 & both use same document type, say DC1.
  For example, USER1 has created a DIR with doc. type DC1. And you want to restrict changing of this DIR by USER2 & viceversa.
  If this is your requirement, then what you can do is, you can utilize the "Authorization Group" functionality in DMS.
  Create two different Authorization groups for USER1 & USER2. For example, create Authorization group AUT1 for USER1 & Authorization group AUT2 for USER2.
  In roles & authorizations, you create two different roles. For USER1 you assign the Authorization group AUT1 in object BEGRU
  For USER2 you assign the Authorization group AUT2 in object BEGRU.
  Once you do this & assign roles to respective users, USER1 can create the DIR with doc type DC1 & enter the Authorization group AUT1 & saves it. Now even if USER2 tries to open it, he/she can't access it, since her roles do not have authorization for the Authorization group AUT1.
  The same thing works for USER2. Say, if USER2 creates DIR with Authorization group AUT2, USER1 can't access it.
  This is the only way, that you can control it.
  Otherwise, you may need to create two different Document types for USER1 & USER2 depending on your business requirement.
  I hope this helps.
  Regards
  Amaresh Makal

• PR mandatory only for few PO document types

  Hi SAP Gurus,
  Issue being faced in a support project.
  A buyer is authorised to create 5 different PO doc types. Requirement is to make for only 2 PO document types PR is mandatory. Need immeidate inputs. Any suggestion without implementing user exists is highly appreciated.
  Regards,
  GM

  The field can not be made a required entry in ME21N. However you
  can use "Function Authorizations" (OMET) to restrict the user to only
  order with reference to a purchase requisition.
  As both the "agreement field" and "purchase requisition" fields are
  reference fields they are populated when created in reference and thus
  the system would not accept attempting to make them a mandatory field.
  Please use the OMET transaction and the PID EFB to accomplish your
  desired functionality.
  I have also attached note : 664424  'Requisition number not mandatory in
  ME21N' which contains further information regarding this functionality.
  I hope you find the note useful together with the information i have
  given you!!\
  This will make for all document types...........I guess you cannot do this for different document types

• PO Document type Authorizations

  All,
  Whether its possible to give authorizations based on PO Document types ?
  Authorization object is M_BEST_BSA.
  pLS ADVISE.
  REGARDS

  Hi,
  I am not an authorisations expert but I am sure that you can control which PO document type can be used by each user.
  Hopefuly someoen with authorisations knowledge will confirm this???
  Sorry I misunderstood your qiestion, it was my fault, your question was very clear.
  Steve B

• Table for document type Number Range interval

  Hi,
  I want to know the number range interval for document type in the production system but I do not have authorisation for SPRO in the prd system.
  Kindly let me know the table name to check this number range interval for the document type.
  Table T003 stores only the number range and not the interval.
  Thanks
  Suresh

  Hi,
  The table which has document types is T003 but the number ranges are stored in a Structure IRDP. The number ranges are maintained directly in the production system.
  regards,
  radhika
  Edited by: kolipara radhika on Aug 25, 2008 6:01 AM

• Limit Document types by plant and user

  Hi,
  I need to limit document types between two plants meaning a user should be able to use only one document type when buying from another plant but have all other types available for use generally.
  Example when user A from plant 1000 buys from plant 2000 he can only use UB Purchase Order type but for all other plants he can use any document types.
  Points will be awrded.

  You can limit the document type for each buyer in the Authorisation profile for  the buyer. This is done by  SAP Authorisation team. T code: PFCG
  Please contact your SAP Authorisation Team or SAP BASIS Team.
  G.Ganesh Kumar.