FS00 Authorization Group
Hello,
When I enter transaction code FS00, I would expect to see the authorization group field on the control data tab. I do not currently see this field available in transaction code FS00. Any recommendations on the piece of configuration that I should check to activate the authorization group field in FS00? FYI....we just upgraded to ECC 6.0. Thanks in advance for the help.
Jordan
Dear Jordan,
please run transaction OBD4 for Your Chart of account and account group.
Then double click and check the field status uder Account management.
Then put Authorization group as optional entry and save.
I hope this helps You.
Mauri
Similar Messages
-
Authorization Group for G/L Account
Hi,
What?
- I wish to restrict the 'posting' of a G/L account to be done by certain users only
How?
- What I have done was...
a) From FS00, I have added a free-text (BANK) into the Authorization Group for a G/L account
b) From PFCG, a new role was created to allow these 2 Authorization Objects, F_BKPF_BES and F_SKA1_BES
c) 'BANK' was entered for the Authorization Group for both these 2 Authorization Objects
d) From there, I have assigned this new role to the user that I wish to allow Posting of the G/L account
Problem?
- Other users still can do Posting for this G/L account
- Any steps which I have missed out here or done wrongly?
Thanks,
BrandonHi,
Some other roles of the users may override and cause the users to post against this GL account.
Check all the roles relevant for the restricted users.
Use SUIM t-code to find if the auth object mentioned above is included in any other role.
If it be, restrict that again.
Generally if one role as no restriction against this auth and not all, this issue tends to happen.
Regards,
Sridevi -
Authorization group in Gl account
Hi friends,
In Control tab in FS00 there is a field called Authorzation group which i think restrict the users for the GL Account. where i can create this group and how can i assign this group to a particular user to restrict a particular user from using a GL Account.
Any idea kindly share with me.
Thank youHello Siva,
The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. The authorization groups usually occur in authorization objects together with an activity.
Access to a master record may be restricted. One reason for this might be to protect master data from unauthorized changes.
Authorization can be assigned for the following editing functions:
Create
Change
Display
All employees can display the G/L account master records, but only a limited number of people may create or change them.The authorizations for editing G/L account master records are set in your user master record.
To restrict access to a G/L account master record, enter a key in the Authorization field in the company code area of the master record.
Prerequisites: You have to define authorizations before you can limit access to a G/L account master record. You can find these settings in Financial Accounting Customizing under Financial Accounting Global Settings->Maintain Profiles .
Hope I had been able to help you. Please assign points.
In case you donot have idea of how to assign points, pls let me know.
Rgds
Manish -
How to create authorization groups for G/L Accounting
Hi:
I have a problem with authorizations groups in FI, I hope you could help me.
We want to control access to accounting in FI by authorization group so user only can work with some G/L accounts.
I have seen in transaction FS00, in control data tab, a field called Auth. Group, but I really donu2019t know if this is the right field.
Do you know how I can control access to G/L Accounts by Authorization Groups? Perhaps must I to create a new Authorization Group by roles? We have 4.6c.
Please, any help is welcome.
Thanks in advance.Hi
Update the authorization group field in the GL master with any user defined value and then include the same in the respective user roles against the authorization object - F_BKPF_BES-BRGRU in PFCG
Ensure you have updated 'Authorization group' for the GL accounts in your chart of accounts
Thank You, -
Restricting Users based on GL Authorization Group
Gurus,
I have got requiremnt from our finance consultant/team for restricting users from accesing particular GL accounts in a company code. There are some GL which users are not supposed to view.
We have created authorization group in FS00 -Control data , but we cannot see that group in object F_BKPF_BES(Account authorization for GL accounts).
Please help.
RegardsHi,
Step1: Create Tolerance Groups
Step2: Assign Users to Tolerance Groups
Step3: Remove/Add T Codes in Users Master Data (T Code: SU01)
Thanks
Chandra -
Assign posting periods to authorization group in tcode S_ARL_87003642
Hello,
I want to restrict posting periods for some users. Therefore, I have created 2 functions associated to 2 authorization groups.
In transaction S_ARL_87003642, when I try to assign different posting periods to each authorization group to the same company code (Posting Period Variant) it appears a message saying u2018Target key must be different from source keyu2019.
What am I doing wrong? Do you know how can I restrict posting periods for some users?
Thanks and regards
Ana RitaDear,
You simply have to define authorisation groups in OB52 and assign this group to F_bkpf_bup in SU01 against user proflie as desired. Take basis help.
Regards -
Restrict Vendor line items display by Vendor authorization group
Hi Gurus,
I have a requirement to restrict Vendor line item diplay for Tcode FBL1N, I have updated the Authorization object F_LFA1_BEK, its work fine if all the vendors have authorization, However it also display vendors whose auth. group is "BLANK" or "SAPCE",
Is there a way that I can slove this issue, is there any SAP notes of other object which needs to be updated ?Hi,
this problem has been discussed on this forum last week. Basically, SAP does not perform authorization check if the authorization group is blank. Hence you need to assign authorization object to all vendors.
Cheers -
Authorization group in GL A/C
Hi,
I have a role that has the authorization group in the authorization objects F_BKPF_BES , F_SKA1_BES updated only with 'AUTH' but the same role is also able to access GL accounts with authorization group 'REST'.
I want to restrict the role to access GL Accounts only with authorization group 'AUTH'.
How to do it.Kindly advise.
Thanks.GL account Authorization
Re: How to create authorization groups for G/L Accounting
Thanks
Javed -
Authorization group in GL A/C using FB01
HI, We have activated the authorization Group in GL A/c. Using the authorization object F_BKPF_BES we were able to create restrictions on other tcodes like F-28 . However when using the u201CFB01u201D tcode, the authorization check does not have any effect. I have already check the authorization in SU24 for fb01 and status is set to YES. I have also created a trace(using ST01) for this transaction but ST01 does not show any authorization trace for F_BKPF_BES.
Hello,
Authorization object:F_BKPF_BES should be checked when you run FB01.
In your case,please try to check the following points:
1.Authrization group was assigend to G/.L master data correctly.
2.Authrization group was assigend to object:F_BKPF_BES correctly.
3.Avtivity was defined in this object correctly.
4.Role was assgined to user correctly.
5.SAP_ALL authorization was deleted from the user profile.
Note: it is impossible to define the authorization group as ' '(space) in object:F_BKPF_BES,
if ' ' was defined, system will consider there are no any setting existed.
Hope the above infor. could help you to solve this issue.
Best Regards, -
Creation of Authorization group
Hello All,
I have a requirement from FI consultant for creation of new authorization group. This auth. group we want to use in FI objects like F_BKPF_BEK. so that for few end users they should not change any vendor data in FK02.
I have gone through several posts, but not able to get / understand clear steps for creation of auth group and assignment.
One of the post i found is below:
[How to create Authorization group;
i tried to do few steps but not in right direction. Request you some one please suggest me the steps for cration.
Rgds,
Durga.Julius,
Thanks for the update. As suggested by you i have inserted one entry of auth group in TBRG table against FI object with SE16.
Now how do we maintain the view of V_TBRG. Is it from SE11?, if yes then i should do this step from ABAP login.
But what i heard is, this activity is purely involved by Basis people.
Please suggest.
Rgds,
Durga. -
Customer Master Data and Line Items Balances Display - Authorization Group
One autorization group was created and assigned to some customer masters in General, Company Code and Sales Area's.
User is restricted to one authorization group. When executing FBL5N, all customer balances are displayed i.e. including blank authorization group customer. It is not restricted to authorization group customer! Why?Kindly check the authorization objects assigned in the user profile. You may ask your basis to help you with the authorization.
-
Authorization Group (BEGRU) search help required in Easy DMS
Hi all,
I had defined some value in authorization group (BEGRU) in SAP. When i opened the Document using CV01N/ CV02N transaction, then F4 help is available to me.
but when i opened the same document via SAP Easy DMS 7.0, Search help functionality is not there.
How could i activate this.
Pls.. Suggest.
Regards,
S AnandHello Sheo,
EasyDMS does not provide search help for Authorization object as of the latest release. The search help achieved by customization of the domain BEGRU does not reflect in EasyDMS.
To achieve this, you can enhance easydms interface by using either easydms plugins or EasyDMS custom tab.
refer:
http://wiki.sdn.sap.com/wiki/display/PLM/EasyDMSPlugin%28Addin%29-Advanced+Development
note: 1355293
Regards
Surjit -
Use of Authorization Group in OB52
Dear Experts,
I have updated Authorization Group as "OB52" in the last column of OB52 T-Code against each posting period variant with account type + , A,D,K,S,M etc with normal period 1 to 12 and special period 13 to 16.
The same Authorization Group "OB52" is updated in one of FI users say Mr X Role profile under authorization object F_BKPF_BUP.
Now as per the SAP standard practice the special period 13-16 should open for the user Mr X and block for all other users. But system is allowing to do transaction with special period 13-16 for other users also.
Please advise where I am wrong.
Regards,
AlokDear,
I will explain you the step involved for auth Mr.X to post for the particular period.
Let take an example that Mr.X has to be allowed to post between the period 1 to 11 and other user only for the period 11(Apr - March as fiscal year).
Now,for valuation variant with account ' +' for the first period, you enter from period as '1' and to period as '10' and in second period, you enter from period '11' and to period '11', provide the auth group (eg KU - key user) in the last column.
For other accounts (A,D,M,K,S) change the first period from '1' to '12' and dont assign any auth group.
Now you goto se16n and check in TBRG table whether your auth group KU is available for the object F_BKPF_BUP,if not maintain it.
The last step is to assign "KU" to Mr.X profile or role against the object F_BKPF_BUP.
Once you made the change"generate" and save it.
Now the system will permit Mr.X to post for the periods between 1 to 11 and other user only for 11 period.
Hope that i am ab;le to clear your boubt.
Do revert for any further assistance.
Take care
God Bless
Regards -
BAPI to create bp with name, search term, address and Authorization Group
Hi
which BAPI could be used to create Business Partner (type organazation) with names, search term, address and the Authorization Group field.
thsHello ,
You can use : BAPI_BUPA_CREATE_FROM_DATA
In case you need to update additional fragments just search in trn code SE37 for BAPI_BUPA_*CREATE.
For example BAPI_BUPA_FRG0040_CREATE - Create classification data for BP , etc'.
Additional you can use XIF :CRMXIF_PARTNER_SAVE to create business partners
Rika -
Dear Friends,
I know I can restrict two user "A" & "B" who create DIR " 1001" & "1002" respectively under same document Type say "DRW". Means they cannot display the DIR created by each other by Authorization Object "C_SIGN_BGR".
I have tried this and works perfect.
But my question is can I maintain these Authorization Groups so that when user enters any wrong Authorization group, it should not allow him to enter in Authorization Group Field.
If I Maintain the setting in SPRO in DMS>Approvals>Define Authorization groups, will my maintained values will be validated with the values I enter in Authorization Group field.
Also I know the developement mentioned under link.
[https://wiki.sdn.sap.com/wiki/display/PLM/F4forAuthorization+group]
But I want to avoid this developement.
Waiting for your reply.
With warm Regards
MangeshHi Mangesh,
To achieve this I suggest you to Update domain BEGRU as mentioned in the link
http://wiki.sdn.sap.com/wiki/display/PLM/UsingAuthorizationGroupfieldin+DMS
values can be maitained in ztable
You can also have search help for BEGRU, by adding search help in DRAW table for BEGRU.
also go through post - Re: Authorization Group in CV01n Document Data tab
Auth object C_DRAW_BGR has field value reference to data element BEGRU
Regards
Surjit
Maybe you are looking for
-
My computer keeps telling me to download Flash Player even though I already have.
Why does my computer keep telling me to download the latest version of Flash Player even though I have downloaded it multiple times. Am I forgetting to do something?
-
A funny anomaly for those who use JDK on Windows 7, just for your info. On Windows 7 Professional ver.6.1 (Build 7601: Service Pack 1) that has Adobe Reader 9 Automatic Updater enabled, an attempt to download jdk-7u2-windows-i586.exe resulted in Blue
-
Hi, I know that we create foreign key joins in the Physical Layer and complex joins in BMM layer. Can we create complex join in Physical Layer and foreign key joins in BMM layer? Under which circumstances should we do this? Is there any benefit/disad
-
I have a iphone 4S. When I try to send email I get error message:"recipient rejected by server". How do I correct
-
My ipod touch wont sync. getting an error message saying 0xe8004002
Hello everyone. I am having a problem either with my ipod touch 4th generation, or my itunes. it is not syncing. i am getting an error message stating an unknown error has occurred. 0xe8004002. if anyone can help.... PLEASE DO!