I didn't find anything in the search but RTFM works! I still dont know why this object is there in FBL1N if I cant restrict the report on this object! The document says the object determines which vendor master records can be edited. So I guess there is no standard way to restrict the report on this object than...

Cheers,

CP

Edited by: chinmaya prakash on Apr 14, 2010 1:02 AM

It has to be in the code and it will only be reached if you RTFM further...

I did add a smiley.

Cheers,

Julius

Yes, you are being very polite today!

Edited by: chinmaya prakash on Apr 14, 2010 1:40 AM

So I did read it further, Turns out for this to work properly with accounts we also need to use the object F_BKPF_BEK, which is for the accounting document type. We use the same accounting group for all vendors here. But FBL1N dosent use this object.

In our scenario we have the same accounting group while creating a vendor and we maintain the vendor auth group manually. The Object F_LFA1_BEK works perfectly fine when I want to protect vendor changes/display in XK03. But if I use the same group to restrict in FBL1N it dosent work..

Either I have gone terribly wrong in understanding what this document says or I am just doing it wrong! Can any one please help me out here!

Thanks!

CP

What you need to understand is the meaning of the word "optional" in the documentation.

Lets try RTFC ...

* check authorisations
  IF i_lifnr IS NOT INITIAL.
*     read authorisation group of the vendor
    SELECT SINGLE begru FROM lfa1 INTO l_begru_bek
           WHERE lifnr = i_lifnr.                "<-- This is a condition for the check!
    IF sy-subrc <> 0 AND l_begru_bek IS NOT INITIAL.  "<-- This is how it works optionally.
*       authority-check for kreditor line
      AUTHORITY-CHECK OBJECT 'F_BKPF_BEK'          "<-- Makes the check ONLY if found!
        ID 'BRGRU' FIELD l_begru_bek
        ID 'ACTVT' FIELD l_auth_actvt.
      IF sy-subrc <> 0.
        RAISE not_authorised.
      ENDIF.                            "<-- Otherwise no check.
    ENDIF.
  ENDIF.

Cheers,

Julius

Edited by: Julius Bussche on Apr 14, 2010 1:54 PM

Now that's interesting because this bit of code is not there when I am executing FBL1N! I know you said that condition is not met, So I guess its got to do with that.. Could you please elaborate on the condition you are talking about here....

Edited by: chinmaya prakash on Apr 14, 2010 8:31 PM

> Now that's interesting because this bit of code is not there when I am executing FBL1N!

The check is in several programs. This specific one was just an example.

> I know you said that condition is not met, So I guess its got to do with that.. Could you please elaborate on the condition you are talking about here....

Please take a look in table LFB1 field BEGRU whether the vendor who's account you want to show has an authorization group on it.

If there is no auth group on the company code segment of the master record, then there is no check. The location is in report SAPDBKDF, the logical database program of vendors.

Fair enough, this is more tricky than just reading the documentation...

I apologize. Thanks for being a sport about my comments.

Cheers,

Julius

Hi Julius,

That is exactly my problem,the code here checks for the auth group from the table LFB1 where as auth groups are maintained in the table LFA1!! LFB1 is company code specific data, Even if I create/change a vendor in XK02 using company code data(by choosing company code option available), the table LFB1 does not get updated! I guess I should have mentioned this earlier!

I am good with the comments, I guess I am not the perfect person to explain a problem!

I guess I will have to try out a few more things to find out why this is happening!

Thanks!

CP

The check is there, but as the transaction data in FBL1N is company code dependent, the check is against the B-segment of the master record.

If you cannot see the authorization group field on the company code account data and want to use it, then in SPRO under vendor accounts screen layout definitions you can define the field status.

It sounds like yours is not active. In that case the LDB program will never find a group, so it will never reach the check.

Cheers,

Julius

I can actually see the authorization group in XK02 in company code data as well(I can change it), but it just does not go in LFB1!

Hi chinmaya,

It works on my system (ECC 6.0 EhP 3). Please check your layout definitions in SPRO for the company code accounting data, and any active user exits?

The authorization group must be there, otherwise it will not work.

Cheers,

Julius