04-06-2009 11:03 AM
Dear All,
In F-47 -- > Vendor -> Account -
How to give authorization to select only Domestic Vendor type to certain users ?
Thanks in advance
Nirav
04-06-2009 11:59 AM
Hi Nirav,
You can use the object F_BKPF_BEK for this purpose. In this object you can mention the authorization group (field name BRGRU).
For Eg. for domestic Vendor you can have an authorization group (I think this needs to be maintained in SE11, but I am not sure) and can assign this auth. group to the users through a role.
Regards,
Partha.
04-06-2009 3:13 PM
Hi Nirav,
Assign an authorization group to the vendors in their master records (XK01/02 or FK01/02 depending on general or company code level data respectively) . You can probably have one auth group for domestic vendors. You can then restrict the users authorization to process or post to the vendor accounts based on the object F_BKPF_BEK Accounting Document: Account Authorization for Vendors as it is mentioned in the post by Mr. Parthsarathy.
Regards,
Subbu
04-07-2009 10:28 PM
You might also want to consider that your choice of transaction is not optimized.
For example you can choose the "MM views" to restrict access to the vendor type, and then only allow navigation into the accounting views IF the user prior had the authority to display the vendor from their calling transaction.
Cheers,
Julius
04-15-2009 4:40 PM
I am having the same requirement. We have to restrict certain vendors from being used for posting.
I have assigned the authorization group XXXX for the vendor through XK01/XK02 ( both in the Accounting Info tab and the Control tab) .
Now I assigned the same auth group through the auth obj F_BKPF_BEK, F_LFA1_BEK in a PO role.
But I am able to create a PO for a user, release it even though I do no have auth for auth group XXXX access. Also, there is no auth check happening for these objects in ME21n/ME29n.
Do we need to turn on any BADI's to enable the auth check for vendor accounts?
Appreciate your suggestions ASAP..
Thanks
Kee
04-20-2009 4:56 AM
Hi All,
I also have the same problem here. I assigned an authorization group XX to vendor 1, however, I can still post vendor invoice to all other vendors though I only granted myself with F_BKPF_BEK with BRGRU = A1.
Anyone, pls advise?
Regards
Chin
04-20-2009 9:26 AM
This is correct behaviour. It is an optional object to protect accounts which you have assigned auth groups to.
All others which do not have an auth group are not protected by it - the check is suppressed and only the other usual checks take place.
Cheers,
Julius