Thank you for your answer.

If I put 03 for the other objects, maybe 10 will not work even if it is put on the only object I want to control (fund center).

You don't think so ?

You have a few options here.

1. If you want a display only role give 03 for all the objects. 10 will work for only that object that you mentioned and not the others. So ,if you give 03 to all the objects and it needs an activity 10 for some other objects, it will complain.

2. Coming back to your question of what you should do about the other objects, that you need to maintain.

If you have other Tcodes in the role that allow change access, giving 03 will cause them to not work the way they should. So if the activity is already populated, I would keep it and allow access to the other fields in it.

If the activity is not populated, disable the object. Follow this for all the objects and all of them should be green.

Hope this helps.

Kunal

This anwer gives some possible errors. It sometimes is not possible to give change in combination to display even while it is meant to be for different TRX.

So when ever the user has been given other actvivitys than 03 and 10 in any other role to similar objects one should always perform a negative authorisation test.

This is actually the reason why enduser role combinations should always be negative tested!

Testing of stand alone roles is only the first step in testing roles.

Edited by: Auke Visser on Mar 4, 2008 8:33 AM

HI MAZ,

You should enter a value in the field Authorisation Group (Field FM_AUTHGRC) in the Funds Center Masterdata. With authorization object F_FICA_FSG you should then be able to restrict on funds center.

The only prerequisite is that SAP performs an authorisation check on this object.

Hope this helps you.

Hi Maz,

How do we define auth group in customizing in Fund management?

Can you provide some steps and tcodes to do it?

I am looking for this to achieve fund center level restriction.

Thanks

Siri