- SAP Community
- Groups
- Industry Groups
- SAP for Public Sector
- Discussions
- Restriction by fund center
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Restriction by fund center
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-16-2008 3:17 PM
Hi
We are implementing fund management. We have a requirement from the client to restrict the access to change fund centers(FMSB) at fund center level.
Approach followed:
I tried using the authorization group field in the fund center and assigned some value for auth grp field the fund center (master data). I used the same auth grp in FM_AUTHGRC field while creating the role.
However, user is able to change all fund centers irrespective of the fund center they are restricted in the role.
Query:
1. Are there any configuration involved to achieve fund center restriction?
2. Can anyone provide the steps on how to configure authorization group before assigning it to fund center (master data)?
3. If fund center level restriction can be achieved, can we move this field (FM_AUTHGRC) to org level in profile generator? Is it a good practice to maintain this auth group at org level to enable master-derived role strategy.
I already searched in the forum and could not find any threads with a solution for this query.
Appreciate your response.
Thanks
Siri
- SAP Managed Tags:
- Public Sector
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2008 9:49 PM
You can add the authgroup to the org level by executing PFCG_ORGFIELD_CREATE and adding the field FM_AUTHGRC.
All Fund Centers must have the auth group filled in. If any have a blank, then they can be seen by anyone.
Thanks,
Peggy
- SAP Managed Tags:
- Public Sector
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-01-2008 10:46 PM
Hello Siri,
I started with SDN yesterday and I am not sure if you still have this doubt but anyway I will try to help you
Please check if your authorizations is working according to system was designed.
In transaction code FMSC (fund center master data) it is available the field 'Authorization Group' the same used in the authorization rules.
It is not the 'fund center' field itself, is the group that you are grouping the fund centers for authorization purpose.
If in the table FMFCTR for your FMAREA if you have the same content for all records to this field this means that all your funds center will be part of the SAME authorization group.
So, you should consider within your company to divide the authorization groups according your needs and adjust your roles in PCFG accordingly. Then your authorization will work fine.
If you check available authorizations in tx code SU24 you will see:
F_FICA_FOG Funds Management: authorization group of fund
F_FICA_FPG Funds Management: authorization group for the cmmt item
F_FICA_FSG Funds Management: authorization group for the funds center
If you are using BCS assigning only the authorization object f_fica_fsg could be not enough. You have to use the authorization object 'F_FMBU_ACC'. There is a short documentation in SU03 for this authorization object.
If we take as an example the way that funds center work, if you do not have authorizations group in your funds centers, there is no check, regardless if you specify something or not in the role definition. In
any case, * will means that authorization exist for all authorization group.
I guess you should either specify a list of authorized funds center in the role, or assign a specific authority group to the funds center for which you do not want to allow posting.
Use transaction SU53, SU56, SU01 and SU24 to trace authorizations.
I hope this helps you to configure your authorizations
Best Regards,
Vanessa Barth.
- SAP Managed Tags:
- Public Sector
