I want to implement the authorization on F-02 for the GL team, they do not be able to post a transaction on a vendor or debtor with the posting key 31, 01 for example.
In PFCG and the F_BKPF_KOA object, I put only Account type = S, and it works very well. But this team have to be able to post with trading partner for cross-company code, example :
PstKy 40 : 130000 in Co code 2000
PstKy 50 : 760000 in Co.code 1000
For this posting the system will generate :
001 :40 130000 Bank xx CoCode2000 800.00
002 :50 760000 Expense CoCode 1000 800.00-
003 :31 KR1000 Kr2000 CoCode 2000 800.00-
004 :01 DR2000 Dr1000 CoCode 1000 800.00
It will be not possible because of the F_BKPF_KOA with the only Account type = S. It required to have also Account type = D + K. If I implement the D and K, the team will be able to post other debtor and creditor, and we do not allowed that.
I saw and tried other authorization object F_KNA1_BED , F_KNA1_GRP ; F_LFA1_BEK ; F_LFA1_GRP ; and activated the authorization field in the vendor/customer master data and populate it, but it does not work. It is required Account type = D + K, and the GLteam can post other debtor/creditor category of that those indicated in the master data, and the authorization object.
How can I implement that, it is my first little project in security and I have an issue.