our requirement is that when the posting period is opened in ob52 all the FI users needs to access that

but for few special persons they need to open it for some extra months also .

in ob52 docu they have given that this could be achieved by auth.group .

my thought of implementing that would be ,

1. created a new auth group using se54 named 'samp'

2. for all the users in PFCG under F_BKPF_BUF instead of giving full auth , i would select F4 and press Select ALL button and then deselect the 'samp' alone

3.now in ob52 for that extra posting period month , this SAMP can be assigned

my doubt is ,

if i give F4 in the F_BKPF_BUF there are more than 500 auth groups , if i give select all button will only the first 500 auth group will be selected ? if so how to select the rest .

what is the importance of the auth group that are getting displayed there

suggest whether i am in the correct direction

Hi Susin,

In OB52, auth group is maintained against the posting periods by teh func team. All you need to do is enter that value in the object field, no need for using F4 etc.

but i just want to know the importance of the values that we get when we press F4 for the object F_BKPF_BUP .

bcoz currently all the users have full authorization .

what would be the effect if i remove the '*' there and give the auth .gp which has been given in the ob52 alone ?

will it effect anywhere else ?

When you press F4 for F_BKPF_BUP it pulls out a list of some auth groups which are configured in the system and can be used for many different purposes.

Auth group is an arbitary field and an option which SAP gives to provide more control in some areas & it's application is widespread and often haphazard.

The only auth groups you are interested in for F_BKPF_BUP are the ones which your func team have assigned against posting periods in OB52. None other matter in this object. If you have * in there then those users will be able to post to all periods protected by an auth group.

If you remove the * & give only what is in OB52 then users will be able to post to that protected period and any open ones which are not protected by an auth group. If you leave it blank then they will only be able to post to periods not protected by auth groups. it will only refer to posting periods and the financial tx which are relevant. You can get a rough list if you search tcodes which are maintained in SU24 for object F_BKPF_BUP (this is only rough list though)

Does that clarify things?

OB52 field is free form, so you dont' have to configure the auth group. As long as you have the exact same values in OB52 and PFCG then it works.

Bree, I agree - I hope that is what I put in my post! Same as most other uses of auth group field

>

> OB52 field is free form, so you dont' have to configure the auth group.  As long as you have the exact same values in OB52 and PFCG then it works.

I haven't ever tried this for OB52, but if you activated S_TABU_LIN for the TBRG object field and there is no reason to grant the other objects to be selected, then the F4 might filter the others out.

I am aware that this does not always work for all F4 help functions, but it might work in this case (for TBRG)?

Cheers,

Julius