Thanks for the reply Julius.

I need to restrict certain set of vendors accessing Vendor: Payment Transaction screen where the vendors Bank Details are displayed. Can we restrict this using certain Auth Grp for that vendor.

When i traced it is hitting F_LFA1_BEK auth object and Authorization field BRGRU. The BRGRU value is the one what i have defined in XK02 for that particular vendor and added that value in SU24.

Any thoughts on this

Hi Vamsi,

I am not sure whether that can be done using authorizations. I am also not sure whether you need to use authorization security, when some customizing can do it.

Ask your Accounts Payable functional support to look into "Screen Layout per Activity (Vendors)". You can then hide the Bank Details.

Note: According to the documentation, you should use it in exceptional cases only and it is valid for the whole transaction (not just the vendor group).

Cheers,

Julius

My suggestion is the opposite of solution. But it will affect all vendors and all users of the transaction.

You can also control the screen by Company Code, but I am not aware of any way to do it per vendor group.

Cheers,

Julius

Good Morning Julius

I have tried doing the changes for a particular vendor surpassing the payment transactions screen. It works fine while using the XK03 t-code. When the user wants to create a vendor using XK01 under that vendor account grp it is bypassing the payment transaction screen and user cannot any bank a/c information for the vendor. Any thoughts on this

Thanks

KV

Hi Vamsi,

My first thought is that at the time of creating a vendor (XK01), there are no payment transactions (yet).

Please explain what the security thoughts are?

Cheers,

Julius

As per the requirement the certain users who maintain the XK01 needs to have the payment transactions screen where they specify the Banking account info. and the users who just use xk03 should not have banking account info displayed

Hi Vamsi,

Does FK01 and FK03 behave the same way? Though I am still not sure what the intended way is.

I think that you need to check with your AP functional support about the customizing options and choice of transaction used.

If you would like to, I can move this to one of the /community [original link is broken]. Most of these type of questions about screen layouts and flows are asked and answered there.

Of course, if it turns out that there is a security solution to this, then we can "steal" it back again.

Cheers,

Julius

Hi Julius

We have decided to define Auth Grp for that particular vendor and exculde that value from the F_LFA1_BEK auth object and use user exit in the BADI. The user exit will check for the auth grp and if the user does not have that auth grp in his roles it will by pass the account info screen. So this way we dont have to make any changes to the config.

Anyways thanks for all ur thougts and suggestions. I have added 10 points to you

Hi Vamsi,

At the risk of loosing my points again...

If you check actvt '03' in your F_LFA1_BEK authority-check, then the user will obviously not be able to display the vendor at all. So you will need to use some other activity - but there is none for "display fields except accounting data".

So you would need to use the system in a manner which is inconsistent with the authorization concept for this object - F_LFA1_BEK. That will make it more difficult to audit or someone else to maintain later on - even if you do document it well...

Another aspect is, do you also want to prevent the AP clerks processing an invoice for this vendor group from seeing the bank details? I am not sure whether coding a user-exit into FK03 / XK03 will do that, but customizing can do it.

Just ideas, because it is an interesting topic.

Cheers and enjoy the weekend,

Julius