Having taken a look at it, I don't agree with the fact that it recommends to remove the check of f_bkpf_koa in many tcode. For tcd FB05 for example, the Tcode is in functions AP01, AR01, GL01. If we remove the permission check f_bkpf_koa, the authroization check of FB05 in these 3 functions will be exactely the same. And because GL01 conflicts against AP01 and also AR01, every users having FB05 will have conflicts. Same case for FBV0, and also much more other tcds!!!
Does any body have an idea why SAP recommend to remove f_bkpf_koa check in the q2 2009 rule update?