Hello all,
There is a business requirement to remove the ability to post
Financial documents from a particular FI role. We are using a
job role (for the most part, one SAP role per user) approach.
For the transaction codes FBV2, FBV3 and MIR4, they would like to
remove the ability to post. The relevant auth. object for
posting is object F_BKPF_BUK, Vendor: Account Authorization. In
this role, the ability to post (which is actually activity 01,
create), has been removed; however, the role still has the
ability to post the documents.
I executed an auth. trace for each transaction code and the only
activities outside of 03 or 77 (pre-enter) are checked in this
object. I also verified that none of the other roles assigned to
the test ID (an FI reporting and display role) have this
authorization object with 01 in the activity field.
As a sanity check, if anyone has removed posting access from
specific FICO roles, please confirm that this authorization
object is the correct one. I believe I've done the standard
security 'debugging' steps and now I am stuck.
Also, other transactions with posting access, FV60 and FBV6, are
restricted from posting by removing activity 01 from objects
F_BKPF_BLA and F_BKPF_KOA.
Thanks in advance for your help!