cancel
Showing results for 
Search instead for 
Did you mean: 

Restriction on t. code FBL5N to view Customer A/C Details

Former Member
0 Kudos

Hi Friends,

Any user can see any customers A/C details using t. code FBL5N where as

we have restrcted that users by their respective sales offices but by

using the above t. code they can see the details of any other customres.

Please tell us how can be restrict the same.

Regards

Ganesh Datt Tiwari

Accepted Solutions (0)

Answers (4)

Answers (4)

moazzam_ali
Active Contributor
0 Kudos

Dear Ganesh

I have a standard solution for you if you are comfortable with this. We are also doing the same in our company. We have maintained sales offices but unfortunately sales office is for SD not for FI. There are also many other transactions where sales office is not checked in FI. But there there is field Authorization in company code data in customer master. You have to maintain sales offices here too. You can use LSMW for this or MASS or ABAP upload for one time activity and for new customers this field must be filled with the same value which is in sales office. System will check this field in object F_BKPF_BED and give authorization issue if a customer have not assigned his sales office in this field. I have attached screens too for your clear understanding.

Now if you check in SU53.

Former Member
0 Kudos

Hi MoazzaM,

Thanks for your valuable reply.

We are little bit in confussion that the authorization group will be maintained all the customers and then this will work or can be do it for few customers for testing in our quality server ?

Same authorization group object  F_BKPF_BED should also be maintained in roles of users also ?

Regards

Ganesh Datt Tiwari

moazzam_ali
Active Contributor
0 Kudos

Hi ganesh

You can test this on a single customer too. Maintain sales office ABC in Authorization field and in object F_BKPF_BED add XYZ in user role. System will not open FBL5N for this customer until authorization field value and object F_BKPF_BED value is same. Test this on a single customer and reply. If it works then you can maintain sales office in Authorization field for all customers.

Thanks

eduardo_hinojosa
Active Contributor
0 Kudos

Hi Ganesh,

Your requirement is not supported, because the auth.object required isn't in the standard. You have two options (try them). Use an standard auth.object or create your own auth.object (use the SAP Note 105621 - Authorization check for the condition screen as a guide)

1. If you are in ECC6.0 set an implicit enhancement in the form 'sel_account_check' in report RFITEMAR (FBL5N) in the event AT SELECTION SCREEN (before the standard auth.objects are called).

2. The cleaner solution. Create a customer report with the same selection screen than FBL5N. This report will do two things. Before check your security requirements with the proper auth.object (in the event AT SELECTION SCREEN), after START-OF-SELECTION do the submit to RFITEMAR with the values (here, the standard FBL5N will run the security checks).

I hope this helps you

Regards

Eduardo

former_member184080
Active Contributor
0 Kudos

Hi,

Sales office Information will not flow to FI. In order to check the standard Autho object, please go to SU24 t.code and give FBL5N, you will see the list of all available Auth. objects.

We have to understand your client system design so that we can think of better solution.

You may check Business area if they have defined per sales office.

The Auth object for Business area is : F_BKPF_GSB

Regards, Sai Krishna.

Former Member
0 Kudos

Hi Kesari,

Thanks for your reply.

There is only one business area 0001.

Client system designe is client------company code(sigle)----plant------sales office.

I am BASIS person, if you want any specific to SD, kndly letus know

Regards

Ganesh Datt Tiwari

former_member184080
Active Contributor
0 Kudos

Hi Ganesh,

This can't be achieved with standard SAP functionality. Let me think of alternatives. Hope we may see an expert answer from others.

Regards, Sai Krishna.

Lakshmipathi
Active Contributor
0 Kudos

The following objects are related to FBL5N

  • F_SKA1_BUK        G/L Account: Authorization for Company Codes
  • M_RECH_WRK      Invoices: Plant
  • S_USER_GRP       User Master Maintenance: User Groups

and with the help of your basis team, remove the above objects from the users' role.


G. Lakshmipathi

Former Member
0 Kudos

Hi Lakshmipathi,

I have removed the objects from the roles where it was.

But problem is same.

Regards

Ganesh Datt Tiwari