Skip to Content
0
Former Member
Jun 18, 2009 at 09:43 AM

How to restrict provide to a single account(by authorization object)

11 Views

Hello, i have two types of accounts.

Account range 1: 10000000 -19999999

Account range 2: 20000000 - 29999999

For range 1 i have assigned authorization group AUT1.

For range 2 i have assigned authorization group AUT2 (by transaction OB_GLACC12).

So the general idea is some users will have access only to group 1 , etc. i have used autorization object F_BKPF_BES in the role btw.

I have created 4 roles:

1) RANGE1_ALL (means user can create / modify delete GL from range 1)

2) RANGE1_DISP(means user can only disp GL from range 1)

3) RANGE2_ALL(means user can create / modify delete GL from range 2)

4) RANGE2_DISP(means user can only disp GL from range 1)

If i give RANGE1_ALL + RANGE2_DISP to the user, he can create/modify/delete for range1 and only display GLS from range2.

Now the problem is if i want user to create/modify/delete for range1 but only display a specific account from range 2 ; say GL 29999000.

Which authorization object can i use to specify the range 2 GL account directly?thx.