
Authorization Group

Former Member
0 Kudos

HI EXPERT!!!

My FI Consultant required to put the authorization group on the following transaction codes: FK10N, FB60 & FBCJC0. The FI Consultant is not aware which authorization group will be set in the following object in PFCG.

He wants to set the authorization on the following transactions so that other Business Area people are not able to maintain cross business area data.

How will I create the authorization group and how do I set the related parameters with that created authorization group? Step by step required.

Regards

Anwer Waseem

SAP BASIS

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Anwer,

Below is the detailed solution.

As you may be aware, the authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. They usually occur in authorization objects together with an activity.

TOBJ -- table contains all authorization objects.

TACT -- table contains all activities.

TBRG -- table contains the definition of all authorization groups.

TBRG -- contains all authorization groups and gives information about the relation between authorization object and authorization group.

For your case I understand that you need to create a new authorization group including all the auth. objects involved (auth. objects involving transactions FK10N, FB60 & FBCJC0) to be grouped under this. To do this, first we need to identify the auth. objects which will be checked under these transactions and have a field 'DICBERCLS' (authorization group) in them.

My observation is as follows:

Transaction Auth.Object

FK10N F_KNA1_BED

FB60 F_BKPF_BEK, F_BKPF_BLA

FBCJC0 S_TABU_DIS

As I said earlier, the table for authorization groups is TBRG, but authorization groups are normally maintained using table views.

The view that suits your purpose is V_TBRG (for the first 3 auth. objects mentioned above). For object S_TABU_DIS you can use view V_BRG.

Solution:

Go to SM30.

Give the view as V_TBRG and click on the Maintain tab. Give the auth. object (for example F_KNA1_BED) and enter. In the next screen you can choose New Entries and give a new authorization group name and its description.

You can repeat this activity for all the objects with the same auth. group name.

Now once you are ready with this newly created auth. group, you can set this auth. group according to your requirements in different roles/activity groups.

<removed_by_moderator>

With warm regards,

Raju.

Edited by: Julius Bussche on Mar 13, 2008 9:34 AM

4 REPLIES 4

Former Member
0 Kudos

Hi,

First get the list of tables that are associated with these transactions. For example, the transaction FK10N takes into account special GL postings. These are in table LFC3. For this case, SAP delivered tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT and the checked authorization object is S_TABU_DIS. If the user wants to access this table, he or she must have authorization object S_TABU_DIS in his or her profile and also access to the authorization group.

Regards,

Bharath
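
An added illustration, not part of any post in this thread and not SAP code: a small Python model of the check the replies above describe, where a table's authorization group is looked up TDDAT-style and a role passes only if one single S_TABU_DIS authorization holds both that group (DICBERCLS) and the activity. The role names, the group ZFBA, the AGR_1251-like row layout, the ACTVT values 02/03 and the &NC& fallback for unassigned tables are assumptions of this example.

```python
from collections import defaultdict

NO_GROUP = "&NC&"            # assumed group checked for tables without an assignment
TDDAT = {"LFC3": "ZFBA"}     # constructed: table -> authorization group (ZFBA is hypothetical)

# Constructed role rows: (role, object, authorization, field, low, high)
ROLE_ROWS = [
    ("Z_FI_BA1000",  "S_TABU_DIS", "T-1", "DICBERCLS", "ZFBA", ""),
    ("Z_FI_BA1000",  "S_TABU_DIS", "T-1", "ACTVT",     "02",   "03"),
    ("Z_FI_DISPLAY", "S_TABU_DIS", "T-2", "DICBERCLS", "*",    ""),
    ("Z_FI_DISPLAY", "S_TABU_DIS", "T-2", "ACTVT",     "03",   ""),
    # Group and activity sit in two different authorizations: must NOT pass.
    ("Z_FI_SPLIT",   "S_TABU_DIS", "T-3", "DICBERCLS", "ZFBA", ""),
    ("Z_FI_SPLIT",   "S_TABU_DIS", "T-4", "ACTVT",     "02",   ""),
]

def value_matches(low, high, wanted):
    """Match one value entry: a range, a trailing-* pattern, or an exact value."""
    if high:
        return low <= wanted <= high
    if low.endswith("*"):
        return wanted.startswith(low[:-1])
    return low == wanted

def authorizations(rows, role, obj):
    """Group a role's rows per authorization: auth -> field -> [(low, high)]."""
    out = defaultdict(lambda: defaultdict(list))
    for r, o, auth, field, low, high in rows:
        if r == role and o == obj:
            out[auth][field].append((low, high))
    return out

def role_allows(rows, role, obj, wanted):
    """True only if a single authorization covers every wanted field value."""
    for fields in authorizations(rows, role, obj).values():
        if all(any(value_matches(lo, hi, val) for lo, hi in fields.get(f, []))
               for f, val in wanted.items()):
            return True
    return False

def can_access_table(rows, role, table, activity="02"):
    """Resolve the table's group, then check S_TABU_DIS for group + activity."""
    group = TDDAT.get(table, NO_GROUP)
    return role_allows(rows, role, "S_TABU_DIS",
                       {"DICBERCLS": group, "ACTVT": activity})

def wildcard_group_roles(rows):
    """Audit helper: roles whose authorization-group field is fully open."""
    return sorted({r for r, _, _, f, low, _ in rows
                   if f == "DICBERCLS" and low == "*"})
```

Roles returned by `wildcard_group_roles` are the ones to review first, since a `*` group value bypasses the per-group separation the question asks for.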


0 Kudos

Hi Raju,

There's one transaction of MM, SK01, which is used for creating vendors, so their requirement is that the SK01 transaction is authorized to two persons. So suppose there are five vendors created: one user should have access to only two of the vendors and the second user should have access to the other three.

This can be done by using an authorization group, but I don't know how.

Please help me out.

Former Member
0 Kudos

Hi

You can use the t-code SE54 for creating the new auth group.

Regards

Anil