Skip to Content
0
Former Member
Nov 27, 2006 at 07:19 PM

Removing posting access from txn codes (FBV2, FBV3 and MIR4)

398 Views

Hello all,

There is a business requirement to remove the ability to post

Financial documents from a particular FI role. We are using a

job role (for the most part, one SAP role per user) approach.

For the transaction codes FBV2, FBV3 and MIR4, they would like to

remove the ability to post. The relevant auth. object for

posting is object F_BKPF_BUK, Vendor: Account Authorization. In

this role, the ability to post (which is actually activity 01,

create), has been removed; however, the role still has the

ability to post the documents.

I executed an auth. trace for each transaction code and the only

activities outside of 03 or 77 (pre-enter) are checked in this

object. I also verified that none of the other roles assigned to

the test ID (a FI reporting and display role) have this

authorization object with 01 in the activity field.

As a sanity check, if anyone has removed posting access from

specific FICO roles, please confirm that this authorization

object is the correct one. I believe I've done the standard

security 'debugging' steps and now I am stuck.

Also, other transactions with posting access FV60 and FBV6 are

restriction from posting by removing activity 01 from objects

F_BKPF_BLA and F_BKPF_KOA.

Thanks in advance for your help!