F_LFA1_GRP is a master data control auth object. Any reason that you activated this object for FV60?

Your response:

F_LFA1_GRP is a master data control auth object. Any reason that you activated this object for FV60?

My reply:

My user does not have Xk01 or xk02 and I want to restrict to this user to don't create a document for a vendor with a "Vendor account group" : Z999

What can I do if there is any reason to activate this object for FV60?

Thank you.

Edited by: BOBALICE on Nov 4, 2009 11:19 AM

Now, my simple role has FV60 with this values in F_BKPF_BEK:

Activity : * ACTVT

Authorization Group : Z001, Z002, Z011, Z012, Z901 BRGRU

My role is affected for specific user.

But I don't understand why my role allow to create by FV60 a document for a vendor with a "Vendor account group :: Z999 " (I don't have this value in BRGRU !!!)

Thank you.

Hi,

My user is affected to one role, is my simple role.

All the values of "Authorization Group" in F_BKPF_BEK are: Z001, Z002, Z011, Z012, Z901

I have traced the autorizations by ST01 for the user and ST01 does not give any things of F_BKPF_BEK (any problems)

I also have the some problem. (with Z999)

Can you test it in your system?

Thanks.

The user is affected to a one role, there are not others roles affected to this user

F_BKPF_BEK is already validate in FV60 by SU24

I don't understand why this problem

Do you have another idea?

thank you very match.

Yes,

I will chek the underlying program of FV60.

Thank you.

Have you considered using F_LFA1_BEK? It is optional and intended to protect vendor accounts via their group assignment.

It corresponds to the authorization group value on the Company Code data tab in the vendor master <- Important!

Cheers,

Julius

> ... the trace should show if the object is being checked at all.

Before you go the ABAP route, you should read the object documentation in SU21 first and speak to a functional consultant (preferably a good one who understands the use of authorizations and what the ABAP system has to offer...).

Optional objects such as these provide a "selective protection" mechanism for using master data which is dependent on the master data record itself having been protected by the same authorization group value to, for example display the vendor... or to display transaction data records for that vendor. Generally they come in pairs (double trouble) of objects.

Now, if there is no value found on the master record, then the optional object check is suppressed. This also means that if the system first checks for the presence of a value in the LFB1-BEGRU field before performing the check, and there is no value found... then the check is not performed.

=> No use in tracing code which is never reached by the config...

Cheers,

Julius

I Have also actived F_LFA1_BEK in FV60 by SU24, but the same problem: FV60 does not check authorization F_LFA1_BEK :

All objects checking in FV60 (by ST01):

S_TCODE

F_BKPF_BUK

F_BKPF_KOA

S_CTS_ADMI

F_SKA1_BUK

F_BKPF_GSB

F_FAGL_SEG

S_ALV_LAYO

S_GUI

F_FICB_FKR

F_FICA_FSG

F_FMMD_MES

S_DOKU_AUT

S_TRANSLAT

Thanks all.

Edited by: BOBALICE on Nov 11, 2009 5:13 PM

Please go to XK02 and display one of the vendors you are wanting to protect, go to the company code tab and look at the Authorization Group field.

Is there a value in the field looking back at you?

Cheers,

Julius