Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization to Customize Tcode FBS1 Parked Documents

Go to solution
Former Member

‎05-08-2009 8:18 PM

0 Kudos

Security Experts,

We created a Z version of transaction code FBS1 reason was to activate the park document option. Problem is that we moved the new tcode into production the next step was to assign the tcode to the various single roles in accounting. however I am seeing two issues,

1- If user has access to FBS1 they can also access ZFBS1 without the tcode being added to their role. user does not have SAP ALL. And When I run a report of executable tcode by this same user new tcode does not comes up. Not sure if after I take out the access of FBS1 it will get fixed. Not sure where to look in security to see if there are any other tcodes like this, where user have access when they are assign to their role.

2- It appears that ZFBS1 behaves different when user have access to FBVO, if user has access to FBVO then ZFBS1 does not park it posts automatically.

Your help will be greatly appreciated,

1 ACCEPTED SOLUTION

Go to solution
sdipanjan
Active Contributor

‎05-08-2009 10:03 PM

0 Kudos

Hi Frank,

Please check the comments below:

>

> 1- If user has access to FBS1 they can also access ZFBS1 without the tcode being added to their role. user does not have SAP ALL. And When I run a report of executable tcode by this same user new tcode does not comes up. Not sure if after I take out the access of FBS1 it will get fixed. Not sure where to look in security to see if there are any other tcodes like this, where user have access when they are assign to their role.

Sol: Please check S_TCODE in the role whether it contains any value as "Z*". If not let me know.

>

> 2- It appears that ZFBS1 behaves different when user have access to FBVO, if user has access to FBVO then ZFBS1 does not park it posts automatically.

Sol: ZFBS1 cotains the same program as FBS1 and thus checking same objects. These objects are same as checked for FBV0. Though you are restricting values in for ZFBS1, but it is providing other authorizations from the values assigned for FBV0.

Please let me know your further concerns.

Regards,

Dipanjan

9 REPLIES 9

Go to solution
sdipanjan
Active Contributor

‎05-08-2009 10:03 PM

0 Kudos

Hi Frank,

Please check the comments below:

>

> 1- If user has access to FBS1 they can also access ZFBS1 without the tcode being added to their role. user does not have SAP ALL. And When I run a report of executable tcode by this same user new tcode does not comes up. Not sure if after I take out the access of FBS1 it will get fixed. Not sure where to look in security to see if there are any other tcodes like this, where user have access when they are assign to their role.

Sol: Please check S_TCODE in the role whether it contains any value as "Z*". If not let me know.

>

> 2- It appears that ZFBS1 behaves different when user have access to FBVO, if user has access to FBVO then ZFBS1 does not park it posts automatically.

Sol: ZFBS1 cotains the same program as FBS1 and thus checking same objects. These objects are same as checked for FBV0. Though you are restricting values in for ZFBS1, but it is providing other authorizations from the values assigned for FBV0.

Please let me know your further concerns.

Regards,

Dipanjan

Go to solution
Former Member
In response to sdipanjan

‎05-12-2009 4:40 PM

0 Kudos

Hello Dipanjan, I went into Authorization obejct S_Tcode and it does not contain Z* it has regular tcodes such as FBS1, 4KE5, FB60, FB70 etc but not Z, any ideas?

Go to solution
Former Member
In response to sdipanjan

‎05-12-2009 7:07 PM

0 Kudos

Dipanjan,

I now removed both tcodes FBS1 and ZFBS1, user can still access tcodes.

Any ideas will be appriciated.

Go to solution
sdipanjan
Active Contributor
In response to sdipanjan

‎05-12-2009 7:38 PM

0 Kudos

Hi,

> I now removed both tcodes FBS1 and ZFBS1, user can still access tcodes.

You mean to say, user can still access ZFBS1, correct? Then please check S_TCODE in all roles. I think there is Z* kept in some role. To check this you can follow the following steps:

TCode: SUIM -> Users by Complex Selection Criteria -> Put the user name and execute -> Click on the "Display Details" button or Just press F2 -> Select the node showing user name and Click on "Select/Expand subtree" -> put S_TCode at "Authorization Objects" field -> Execute.

Check the entries in the screen for all Authorization profiles for the user.

Does the user has authorization to TCodes FBB1, FBR2? These TCodes call FBS1 internally.

> Any ideas will be appriciated.

Let me know your comments.

Regards,

Dipanjan

Go to solution
Former Member
In response to sdipanjan

‎05-12-2009 7:40 PM

0 Kudos

Frank,

If the user has more than one role, you will need to check if any of the roles has Z* as Dipanjan suggested.

Then, once the changed role is verified in Production, ensure that the User Comparison is run.

Hope this helps!

PJ

Go to solution
Former Member
In response to sdipanjan

‎05-14-2009 6:19 PM

0 Kudos

After going thru all the single roles I found a double entry for S_TCODE that had an * after I deleted the authorization object user no longer had access to ZFBS1, thank you for your help.

Go to solution
Former Member

‎05-12-2009 1:11 PM

0 Kudos

> We created a Z version of transaction code FBS1 reason was to activate the park document option.

Just wanted to know out of curiosity. Is there any particular reason in creating custom t-code for parking the documents when there are SAP standard t-codes for the same purpose. (for example: FBV1)?

Regards,

Go to solution
Former Member
In response to Former Member

‎05-12-2009 2:11 PM

0 Kudos

Sure Lakshmi,

Surely you can use FBV1 to park JE, however this tcode does allow you to park accruals and the reverse them. We use FBV1 to park straight JE, and we also use FBS1 to post accruals because it gives you the option to enter a date as to when these postings are to be reverse the following month. If you look at FBS1 for accruals, click on Fast Entry Screen, then go to upper menu click on document, the option to park is there but it is not active, therefore the help of an ABAPer was use to order to activate park. This way when you enter accruals and park them they can now be reviewed by management and post thru FBVO and reverse them thru F.81 the following month. This was done in order to bein compliance with SOX, I am not sure why SAP offers the ability to park normal JE but not Accruals.

You can do all of the above thru FBV1 but then you have to reverse manually by entering a second journal entry teh following month, we have too many accruals to be doing that so we wnated to be more efficient for control purposes.

Hope this helps.

Go to solution
Former Member

‎05-28-2010 3:32 PM

0 Kudos

> We created a Z version of transaction code FBS1 reason was to activate the park document option.

can you tell me how to create the ZFBS1 from FBS1 ?

I'm try to enable the park functionality in FBS1 but no solution yet.

Thank you !

Tony