How do we restrict the user access for a particular G/L account

Dear Experts,
At our customer site, we follow master / derived role concept for authorisations.
We have a requirement to restrictict user at G/l account authorisation level.
I am aware that every g/l account account has a authorisaition group. But g/l account authorisation is a non-org value for which the present value is * for brgru, we cannot restrict by user/org. At our customer site the authorisations are provided at master role level for a designation and derived role is restricted for a plant, BA etc..
Is there is any user parameter level restriction which can handle this requirement, i mean user parameter for specific g/l account, as we do LIF pid to restrict vendor level access.
Appreciate your suggestions ASAP.
Best regards,
M.Kumaran

Depends.
What are you trying to protect? GL account masterdata (FS00) or FI document creation for specific GL accounts?
Without knowing more about the design principles behind your roles, your release or other restrictions, I would suggest:
(1) grouping off the GL accounts you want to protect in authorization groups (maintained via FS00);
(2) deactivating either object F_BKPF_BES (if your trying to restrict FI document creation) or object F_SKA1_BES (if your trying to restrict access to GL account masterdata) or both in master/derived role;
(3) create several separate roles that would contain only the aforementioned objects with access to specific GL account groups;
(4) assign the roles from step 3 to users as required.
Hope this helps.

Similar Messages

  • How can we restrict the users/planners for a planning book?

    Hi experts,
    How can we restrict the users/planners for a planning book?
    Thanks,
    Naga.

    Hi Naga,
    we describe this in our SAP Demand and Supply Network Planning rapid-deployment solution.
    Access this area directly via
    http://service.sap.com
    /rds-dpa
    In the configuration guide Demand Planning Settings, Macros and Chart
    Engine (DP3) read Appendix: Setting up Roles and
    Authorizations.
    BR Frank

  • How do i restrict the balancing segment for a particular legal entity

    Hi All,
    There is a new feature in Release 12 where i can restrict the balancing segment values for a Legal entity.How do i implement the same in an OA Page.

    Do you mean to say that the feature is enabled on forms and you want the same on OA page? Sounds contradictory.
    Is it something related to functional setup or are you looking for customization through coding?
    --Shiv                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  • How do I change the User Agent for Safari on my iPad?  I need this for a specific website for work.

    How do I change the user agent for Safari on my iPad?  I know how to do it on my desktop version, but I need it for my iPad.

    You can rename the iPad here:
    Settings - General - About - Name
    For Siri make sure he has himself as a contact in the Contacts app then:
    Settings - General - Siri - My Info and select his contact info

  • How do u handle the user parameters for a currency field.

    How do u handle the user parameters for a currency field.
       Decimal saperator and a hundreds saperator. (depending upon the user parametes set for the user the saperators may differ)
          Eg: currency field: 13.896,01 (In this case u2018,u2019 is a thousand saperator and u2018.u2019 is a decimal saperator) How to handle this one.
    Regards,
    Ram.

    Hi,
    Try this code....
    DATA: V_KURSF1 TYPE c LENGTH 10,
            v_kursf2 type c LENGTH 10,
            v_dcpfm    TYPE xudcpfm, "Decimal or Thousand Notation
            v_thousand TYPE char1,   "Thousands Notation
            v_decimal  TYPE char1.   "Decimal Notation
      CONSTANTS:    c_x      TYPE char1 VALUE 'X',
                    c_y      TYPE char1 VALUE 'Y',      "Value Y
                    c_comma  TYPE char1 VALUE ',',      "Comma
                    c_point  TYPE char1 VALUE '.',      "point
                    c_blank  TYPE char1 VALUE ' '.      "Blank
      IF v_dcpfm IS INITIAL.
        SELECT SINGLE dcpfm
        FROM usr01
        INTO v_dcpfm
        WHERE bname = sy-uname .
        IF sy-subrc = 0.
          CASE v_dcpfm.
            WHEN c_x.
              v_decimal  = c_point.
              v_thousand = c_comma.
            WHEN c_blank.
              v_decimal  = c_comma.
              v_thousand = c_point.
            WHEN c_y.
              v_decimal  = c_comma.
              v_thousand = c_blank.
          ENDCASE.
        ENDIF.
       ENDIF.
               Find c_point in  wa_segment-exchange_rate.  ( Eg:ield)
              if sy-subrc = 0.
                replace c_point in wa_segment-exchange_rate with v_decimal.
              endif.

  • To find the User Exits for a particular Transaction.

    hi,
        I want to find the number of User Exits for a The Transaction MM01 or MM02,
        I serched in the forums but could not find satisfactory ans,
        I tried with:
                 T.Code-> System>Status->Prog Name>SE38>find Call Customer-Exit.
        But its not helping me,
        Please help me.
    Thanks and Regards
    Suraj S Nair.

    hi ,
    if you are new to user exist use --> follw the below methos to find the user exit for a particular transaction or t-code
    create one custom pgm in se38 and execute >selection screenenter t-code and execute it will return all the user exists for a specific transaction..
    Finding the user-exits of a SAP transaction code
    * Finding the user-exits of a SAP transaction code
    * Enter the transaction code in which you are looking for the user-exit
    * and it will list you the list of user-exits in the transaction code.
    * Also a drill down is possible which will help you to branch to SMOD.
    * Written by : SAP Basis, ABAP Programming and Other IMG Stuff
    *              http://www.sap-img.com
    report zuserexit no standard page heading.
    tables : tstc, tadir, modsapt, modact, trdir, tfdir, enlfdir.
             tables : tstct.
    data : jtab like tadir occurs 0 with header line.
    data : field1(30).
    data : v_devclass like tadir-devclass.
    parameters : p_tcode like tstc-tcode obligatory.
    select single * from tstc where tcode eq p_tcode.
    if sy-subrc eq 0.
       select single * from tadir where pgmid = 'R3TR'
                        and object = 'PROG'
                        and obj_name = tstc-pgmna.
       move : tadir-devclass to v_devclass.
          if sy-subrc ne 0.
             select single * from trdir where name = tstc-pgmna.
             if trdir-subc eq 'F'.
                select single * from tfdir where pname = tstc-pgmna.
                select single * from enlfdir where funcname =
                tfdir-funcname.
                select single * from tadir where pgmid = 'R3TR'
                                   and object = 'FUGR'
                                   and obj_name eq enlfdir-area.
                move : tadir-devclass to v_devclass.
              endif.
           endif.
           select * from tadir into table jtab
                         where pgmid = 'R3TR'
                           and object = 'SMOD'
                           and devclass = v_devclass.
            select single * from tstct where sprsl eq sy-langu and
                                             tcode eq p_tcode.
            format color col_positive intensified off.
            write:/(19) 'Transaction Code - ',
                 20(20) p_tcode,
                 45(50) tstct-ttext.
                        skip.
            if not jtab[] is initial.
               write:/(95) sy-uline.
               format color col_heading intensified on.
               write:/1 sy-vline,
                      2 'Exit Name',
                     21 sy-vline ,
                     22 'Description',
                     95 sy-vline.
               write:/(95) sy-uline.
               loop at jtab.
                  select single * from modsapt
                         where sprsl = sy-langu and
                                name = jtab-obj_name.
                       format color col_normal intensified off.
                       write:/1 sy-vline,
                              2 jtab-obj_name hotspot on,
                             21 sy-vline ,
                             22 modsapt-modtext,
                             95 sy-vline.
               endloop.
               write:/(95) sy-uline.
               describe table jtab.
               skip.
               format color col_total intensified on.
               write:/ 'No of Exits:' , sy-tfill.
            else.
               format color col_negative intensified on.
               write:/(95) 'No User Exit exists'.
            endif.
          else.
              format color col_negative intensified on.
              write:/(95) 'Transaction Code Does Not Exist'.
          endif.
    at line-selection.
       get cursor field field1.
       check field1(4) eq 'JTAB'.
       set parameter id 'MON' field sy-lisel+1(10).
       call transaction 'SMOD' and skip first   screen.
    *---End of Program
    Regards,
    Prabhudas

  • How can i find the exact BADI For a Particular Transaction

    hi ppl,
    How can i find the exact BADI For a Particular Transaction. Is there any Standard transaction or Programs to do this or suggest some other way.

    Use this code:
    *& Report  ZGET_BADI
    REPORT  ZGET_BADI.
    TABLES : TSTC,
    TADIR,
    MODSAPT,
    MODACT,
    TRDIR,
    TFDIR,
    ENLFDIR,
    SXS_ATTRT ,
    TSTCT.
    DATA : JTAB LIKE TADIR OCCURS 0 WITH HEADER LINE.
    DATA : FIELD1(30).
    DATA : V_DEVCLASS LIKE TADIR-DEVCLASS.
    PARAMETERS : P_TCODE LIKE TSTC-TCODE,
    P_PGMNA LIKE TSTC-PGMNA .
    DATA wa_tadir type tadir.
    START-OF-SELECTION.
    IF NOT P_TCODE IS INITIAL.
    SELECT SINGLE * FROM TSTC WHERE TCODE EQ P_TCODE.
    ELSEIF NOT P_PGMNA IS INITIAL.
    TSTC-PGMNA = P_PGMNA.
    ENDIF.
    IF SY-SUBRC EQ 0.
    SELECT SINGLE * FROM TADIR
    WHERE PGMID = 'R3TR'
    AND OBJECT = 'PROG'
    AND OBJ_NAME = TSTC-PGMNA.
    MOVE : TADIR-DEVCLASS TO V_DEVCLASS.
    IF SY-SUBRC NE 0.
    SELECT SINGLE * FROM TRDIR
    WHERE NAME = TSTC-PGMNA.
    IF TRDIR-SUBC EQ 'F'.
    SELECT SINGLE * FROM TFDIR
    WHERE PNAME = TSTC-PGMNA.
    SELECT SINGLE * FROM ENLFDIR
    WHERE FUNCNAME = TFDIR-FUNCNAME.
    SELECT SINGLE * FROM TADIR
    WHERE PGMID = 'R3TR'
    AND OBJECT = 'FUGR'
    AND OBJ_NAME EQ ENLFDIR-AREA.
    MOVE : TADIR-DEVCLASS TO V_DEVCLASS.
    ENDIF.
    ENDIF.
    SELECT * FROM TADIR INTO TABLE JTAB
    WHERE PGMID = 'R3TR'
    AND OBJECT in ('SMOD', 'SXSD')
    AND DEVCLASS = V_DEVCLASS.
    SELECT SINGLE * FROM TSTCT
    WHERE SPRSL EQ SY-LANGU
    AND TCODE EQ P_TCODE.
    FORMAT COLOR COL_POSITIVE INTENSIFIED OFF.
    WRITE:/(19) 'Transaction Code - ',
    20(20) P_TCODE,
    45(50) TSTCT-TTEXT.
    SKIP.
    IF NOT JTAB[] IS INITIAL.
    WRITE:/(105) SY-ULINE.
    FORMAT COLOR COL_HEADING INTENSIFIED ON.
    *Sorting the internal Table
    sort jtab by OBJECT.
    data : wf_txt(60) type c,
    wf_smod type i ,
    wf_badi type i ,
    wf_object2(30) type C.
    clear : wf_smod, wf_badi , wf_object2.
    *Get the total SMOD.
    LOOP AT JTAB into wa_tadir.
    at first.
    FORMAT COLOR COL_HEADING INTENSIFIED ON.
    WRITE:/1 SY-VLINE,
    2 'Enhancement/ Business Add-in',
    41 SY-VLINE ,
    42 'Description',
    105 SY-VLINE.
    WRITE:/(105) SY-ULINE.
    endat.
    clear wf_txt.
    at new object.
    if wa_tadir-object = 'SMOD'.
    wf_object2 = 'Enhancement' .
    elseif wa_tadir-object = 'SXSD'.
    wf_object2 = ' Business Add-in'.
    endif.
    FORMAT COLOR COL_GROUP INTENSIFIED ON.
    WRITE:/1 SY-VLINE,
    2 wf_object2,
    105 SY-VLINE.
    endat.
    case wa_tadir-object.
    when 'SMOD'.
    wf_smod = wf_smod + 1.
    SELECT SINGLE MODTEXT into wf_txt
    FROM MODSAPT
    WHERE SPRSL = SY-LANGU
    AND NAME = wa_tadir-OBJ_NAME.
    FORMAT COLOR COL_NORMAL INTENSIFIED OFF.
    when 'SXSD'.
    *For BADis
    wf_badi = wf_badi + 1 .
    select single TEXT into wf_txt
    from SXS_ATTRT
    where sprsl = sy-langu
    and EXIT_NAME = wa_tadir-OBJ_NAME.
    FORMAT COLOR COL_NORMAL INTENSIFIED ON.
    endcase.
    WRITE:/1 SY-VLINE,
    2 wa_tadir-OBJ_NAME hotspot on,
    41 SY-VLINE ,
    42 wf_txt,
    105 SY-VLINE.
    AT END OF object.
    write : /(105) sy-ULINE.
    ENDAT.
    ENDLOOP.
    WRITE:/(105) SY-ULINE.
    SKIP.
    FORMAT COLOR COL_TOTAL INTENSIFIED ON.
    WRITE:/ 'No.of Exits:' , wf_smod.
    WRITE:/ 'No.of BADis:' , wf_badi.
    ELSE.
    FORMAT COLOR COL_NEGATIVE INTENSIFIED ON.
    WRITE:/(105) 'No userexits or BADis exist'.
    ENDIF.
    ELSE.
    FORMAT COLOR COL_NEGATIVE INTENSIFIED ON.
    WRITE:/(105) 'Transaction does not exist'.
    ENDIF.
    AT LINE-SELECTION.
    data : wf_object type tadir-object.
    clear wf_object.
    GET CURSOR FIELD FIELD1.
    CHECK FIELD1(8) EQ 'WA_TADIR'.
    read table jtab with key obj_name = sy-lisel+1(20).
    move jtab-object to wf_object.
    case wf_object.
    when 'SMOD'.
    SET PARAMETER ID 'MON' FIELD SY-LISEL+1(10).
    CALL TRANSACTION 'SMOD' AND SKIP FIRST SCREEN.
    when 'SXSD'.
    SET PARAMETER ID 'EXN' FIELD SY-LISEL+1(20).
    CALL TRANSACTION 'SE18' AND SKIP FIRST SCREEN.
    endcase.
    Regards
    Vinayak

  • How do i Restrict the users up to the self service pag only in IDM 11g

    Hi all,
    can any one please help me out to restrict the users to self service page only in 11g.
    thanks for your time and support
    Regards
    Siva

    Your user will have the Administration page if they have an Authorization Policy configured to allow the user any of the User Management or Role Management Functions. Also, if you login as a user that has those tabs, and logout while on the Administration tab, sometimes i've noticed the new user logging in with the same browser session will be in the Administration tab but with no items available.
    -Kevin

  • How to find out the Queries Generated for a particular ods?

    Hi all,
    There are atleast 10 queries generated for a Particular ODs zyyyyy. I would like to know what are the queries generated for a particular ods.
    I have used the where use list of the ods. But it did not displayed the queries generated for that ods.
    I have looked at the bex query for that ods but cant find any query being generated on that ods??
    Is there any way to find out what are the queries generated for a particular ods?
    thanxs
    haritha

    Hello Haritha,
    Please follow the path.
    Go to RSA1 -> Metadata Repository ->DataStore Objects(ODS) -> Find you DSO(ODS) there and click on that, you will get all the details(Queries, Objects - Char, Key figures, update rules,etc..) related to that particular DSO(ODS), same is the case for Cube as well.
    Please assign points.

  • How to get all the approver list for a particular transaction in iExpense

    Is there any API to get all the approver list for a particular transaction in iExpense workflow after submitting an expense report?

    Hi All,
    Could anyone please let me know API to get all AME approvers in one go.
    I am currently using below API to get approver list.
    ame_api.getallapprovers (applicationidin => 201 , -- PO
    transactionidin => l_document_id , -- req header id
    transactiontypein => 'PURCHASE_REQ'
    ,approversout => l_appr_list
    But if any of the approver is INACTIVE then API is going into exception and not showing all approvers. Requirement is like to show all approvers with their statuses (ACTIVE / INACTIVE).
    Reply ASAP.

  • How can we restrict the user to a desired "Member access profile" ?

    Dear Gurus,
    In BPC 7.0 my "Team" has 4 "member access profiles" and a user is assigned to that team.
    Can that user have access to just one member access profile ??
    If he can, how do I set it up in BPC 7.0 ?
    NB: I read somewhere that I should not asign "member access profiles" to users directly. Hence I wanted to do it through "Team"
    -Venkat

    Vijaya,
    Sorry, but your answer didn't make any sense to me.
    Here all the 4 member access profiles are different. i.e. they all are restricted with a different dimension member. So, if I assign each of these 'member access profiles' directly to the user, my requirement is met.
    But my question is: how do my "user" pick the required member access profile from a TEAM which has all 4 member access profiles ?
    SAP suggested NOT to assign users directly to member access profiles. Instead it suggested to assign "teams" to member access profiles and assign user to the "teams"

  • How to find out the User Details for the particular transaction

    Hi,
    Actually AJAB -Asset Year closing was done by One User.How and Where to find out the User details who executed the Transaction.Kindly tell me the T-code for this.
    Thanks
    Sap Guru

    Hi:
    Please contact you basis administrator.Give him the T.code and date when Year closing was done. He may resolve your problem.
    Please let me know if you need more information,
    Assign points if useful.
    Regards
    MSReddy

  • How to hide/remove the 'Delete' button for a particular role

    We have a role that can only Create and Edit the Accounts, Contacts, Opportunities, & Leads. So I modified the Default and Owner Access Profiles for that role and changed the Access Level to 'Read/Edit' for each of the above mentioned Record Types.
    When the user is logged with this role they can see the 'Delete' button on all the Record Types. When they click on the 'Delete' button they get the 'Access Denied' message. Thats fine, but how do you hide/remove the 'Delete' button for this role so they don't try to click it.

    At this time it is not possible to hide/remove the "Delete" button. This functionality is on the roadmap.

  • How to find out the set handler for a particular signal?

    I have an interesting puzzle to solve. l'm investigating problems with someone else's code and I'd like to get the name of the handler that is set for SEGV. psig shows that the process catches SEGV, however I don't have access to the source code for all the libraries it links against and none of the source code I have sets a handler for SEGV. Is there a way to find out the name of the signal handler that is set for a particular signal in a process? I'm sure the source was compiled with cc -g. Solaris 8

    Hello Haritha,
    Please follow the path.
    Go to RSA1 -> Metadata Repository ->DataStore Objects(ODS) -> Find you DSO(ODS) there and click on that, you will get all the details(Queries, Objects - Char, Key figures, update rules,etc..) related to that particular DSO(ODS), same is the case for Cube as well.
    Please assign points.

  • How to find all the tables associated for a particular transaction

    Hi-
    May I know how to find all the tables, related(foreign key) tables for a transaction within SAP GUI?
    Up to my technical knowledge, this can be achieved by looking database diagrams from DB level. But that would be for entire database as a whole. What I'm expecting is to see transaction level relative tables that too from SAP GUI. Please share the possibilities if any.
    Regards
    Sekhar

    Dear Micky Oestreich
    May be we possess expertise or high level experience, it should not show up in our way of communication. Every professional starts with the basic stuff to learn. When the question is raised in such minimum polite way, the same level of courtesy is expected in return. If you felt my question was basic, you might have refused it gently. If you are in good mood or bad mood it doesn't matters.
    Hi Vengal Rao
    Thanks for your response. It helped me.
    Regards
    Sekhar

Maybe you are looking for

  • LabVIEW 8.5 Executable on Windows System 7 64-bit

    I have a program that uses the Vision RTE and LabVIEW 8.5.  The Program was written and compiled on a PC with Windows XP (32-bit).  A customer installed the program onto a PC with System 7 64-bit and is having problems running the program.  Is there

  • Macbook pro a1278 magsafe

    I have a mid 2010 Macbook Pro a1278. When I plug in the magsafe it is green and then changes to orange and charges the battery. As soon as I hit the power button the light goes to green for about 10s and then back to orange. The macbook does not star

  • Creative GigaWorks Pro Gamer G500 Speaker wire question

    Hi, I have the creative gigaworks pro gamer speaker system but need to obtain some extra wire for the speakers to I can set them up around my room correctly. Would anyone have any suggestions of the type of wire to get hold of, room dimension is 98 i

  • Publishing a BEx Query reports from BI Portal to Main portal

    Hi,      We have 2 portals in out landscape. BI system has its own portal and the main portal for the commercial users. I have a requirement to bring BEx query Reports to Main portal. I am wondering, how this can be done. Thanks Sam

  • APPLICATION HAS STOPPED WORKING

    Our team has developed a composite WPF application, MVVM architecture, targeting Framework 4.0, VS2012, VB.NET. We are using the Prism library. I have created an InstallShield Limited Edition Setup and Deployment Project for Windows install. For test