Skip to Content
avatar image
Former Member

Restriction by fund center

Hi

We are implementing fund management. We have a requirement from the client to restrict the access to change fund centers(FMSB) at fund center level.

Approach followed:

I tried using the authorization group field in the fund center and assigned some value for auth grp field the fund center (master data). I used the same auth grp in FM_AUTHGRC field while creating the role.

However, user is able to change all fund centers irrespective of the fund center they are restricted in the role.

Query:

1. Are there any configuration involved to achieve fund center restriction?

2. Can anyone provide the steps on how to configure authorization group before assigning it to fund center (master data)?

3. If fund center level restriction can be achieved, can we move this field (FM_AUTHGRC) to org level in profile generator? Is it a good practice to maintain this auth group at org level to enable master-derived role strategy.

I already searched in the forum and could not find any threads with a solution for this query.

Appreciate your response.

Thanks

Siri

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Sep 18, 2008 at 08:49 PM

    You can add the authgroup to the org level by executing PFCG_ORGFIELD_CREATE and adding the field FM_AUTHGRC.

    All Fund Centers must have the auth group filled in. If any have a blank, then they can be seen by anyone.

    Thanks,

    Peggy

    Add comment
    10|10000 characters needed characters exceeded

  • Dec 01, 2008 at 10:46 PM

    Hello Siri,

    I started with SDN yesterday and I am not sure if you still have this doubt but anyway I will try to help you 😊

    Please check if your authorizations is working according to system was designed.

    In transaction code FMSC (fund center master data) it is available the field 'Authorization Group' the same used in the authorization rules.

    It is not the 'fund center' field itself, is the group that you are grouping the fund centers for authorization purpose.

    If in the table FMFCTR for your FMAREA if you have the same content for all records to this field this means that all your funds center will be part of the SAME authorization group.

    So, you should consider within your company to divide the authorization groups according your needs and adjust your roles in PCFG accordingly. Then your authorization will work fine.

    If you check available authorizations in tx code SU24 you will see:

    F_FICA_FOG Funds Management: authorization group of fund

    F_FICA_FPG Funds Management: authorization group for the cmmt item

    F_FICA_FSG Funds Management: authorization group for the funds center

    If you are using BCS assigning only the authorization object f_fica_fsg could be not enough. You have to use the authorization object 'F_FMBU_ACC'. There is a short documentation in SU03 for this authorization object.

    If we take as an example the way that funds center work, if you do not have authorizations group in your funds centers, there is no check, regardless if you specify something or not in the role definition. In

    any case, * will means that authorization exist for all authorization group.

    I guess you should either specify a list of authorized funds center in the role, or assign a specific authority group to the funds center for which you do not want to allow posting.

    Use transaction SU53, SU56, SU01 and SU24 to trace authorizations.

    I hope this helps you to configure your authorizations 😊

    Best Regards,

    Vanessa Barth.

    Add comment
    10|10000 characters needed characters exceeded