Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Authorization for VAP2 in conflict with VD02 for F_KNA1_GRP

Hi experts,

Our sales people need create, change and display access for contact persons (VAP1-2-3) of all customer account groups (F_KNA1_GRP). Meanwhile they also need to be able to create, change and display prospects (account group 0005). For changing prospects, you need access to S_TCODE VD02, but the users should not have access to other customer account groups (eg sold-to or ship-to parties) while using VD02. Can this be done?




> I created a second role with VAP2 as S_TCODE


The calling transaction takes care of what can be navigated in the called transaction's context, if it cannot be accessed directly.

What you could also try is a combination of F_KNA1_AEN (optional authorization to change fields of the groups, as a protective mechanism), then disable VD02 for the VAP2 in SE97 and disable F_KNA1_AEN in SU24 for VAP2.

Might work... (just a brain-storm...



0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question