Restricting the posting period to particular users
we have a requrement to restrict the posting periods to limited users only .
when i tried doing it in ob52 , there they say we need to give the authorization group for that particular posting period .
the auth .object 'F_BKPF_BUP' has been assigned with full auth for all the users in our company .
now how to do this . this is my first assignment is security , kindly help me to solve this
Alex Ayers replied
When you press F4 for F_BKPF_BUP it pulls out a list of some auth groups which are configured in the system and can be used for many different purposes.
Auth group is an arbitary field and an option which SAP gives to provide more control in some areas & it's application is widespread and often haphazard.
The only auth groups you are interested in for F_BKPF_BUP are the ones which your func team have assigned against posting periods in OB52. None other matter in this object. If you have * in there then those users will be able to post to all periods protected by an auth group.
If you remove the * & give only what is in OB52 then users will be able to post to that protected period and any open ones which are not protected by an auth group. If you leave it blank then they will only be able to post to periods not protected by auth groups. it will only refer to posting periods and the financial tx which are relevant. You can get a rough list if you search tcodes which are maintained in SU24 for object F_BKPF_BUP (this is only rough list though)
Does that clarify things?