Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Vendor Help - Authorization

Former Member
0 Kudos

Dear All,

In F-47 -- > Vendor -> Account -

How to give authorization to select only Domestic Vendor type to certain users ?

Thanks in advance

Nirav

6 REPLIES 6

Former Member
0 Kudos

Hi Nirav,

You can use the object F_BKPF_BEK for this purpose. In this object you can mention the authorization group (field name BRGRU).

For Eg. for domestic Vendor you can have an authorization group (I think this needs to be maintained in SE11, but I am not sure) and can assign this auth. group to the users through a role.

Regards,

Partha.

Former Member
0 Kudos

Hi Nirav,

Assign an authorization group to the vendors in their master records (XK01/02 or FK01/02 depending on general or company code level data respectively) . You can probably have one auth group for domestic vendors. You can then restrict the users authorization to process or post to the vendor accounts based on the object F_BKPF_BEK Accounting Document: Account Authorization for Vendors as it is mentioned in the post by Mr. Parthsarathy.

Regards,

Subbu

Former Member
0 Kudos

You might also want to consider that your choice of transaction is not optimized.

For example you can choose the "MM views" to restrict access to the vendor type, and then only allow navigation into the accounting views IF the user prior had the authority to display the vendor from their calling transaction.

Cheers,

Julius

0 Kudos

I am having the same requirement. We have to restrict certain vendors from being used for posting.

I have assigned the authorization group XXXX for the vendor through XK01/XK02 ( both in the Accounting Info tab and the Control tab) .

Now I assigned the same auth group through the auth obj F_BKPF_BEK, F_LFA1_BEK in a PO role.

But I am able to create a PO for a user, release it even though I do no have auth for auth group XXXX access. Also, there is no auth check happening for these objects in ME21n/ME29n.

Do we need to turn on any BADI's to enable the auth check for vendor accounts?

Appreciate your suggestions ASAP..

Thanks

Kee

0 Kudos

Hi All,

I also have the same problem here. I assigned an authorization group XX to vendor 1, however, I can still post vendor invoice to all other vendors though I only granted myself with F_BKPF_BEK with BRGRU = A1.

Anyone, pls advise?

Regards

Chin

0 Kudos

This is correct behaviour. It is an optional object to protect accounts which you have assigned auth groups to.

All others which do not have an auth group are not protected by it - the check is suppressed and only the other usual checks take place.

Cheers,

Julius