F-02 without Acct typ K, D but posting with trading partner allowed

Dear Experts,

I want to implement the authorization on F-02 for the GL team, they do not be able to post a transaction on a vendor or debtor with the posting key 31, 01 for example.

In PFCG and the F_BKPF_KOA object, I put only Account type = S, and it works very well. But this team have to be able to post with trading partner for cross-company code, example :

PstKy 40 : 130000 in Co code 2000

PstKy 50 : 760000 in Co.code 1000

For this posting the system will generate :

001 :40 130000 Bank xx CoCode2000 800.00

002 :50 760000 Expense CoCode 1000 800.00-

003 :31 KR1000 Kr2000 CoCode 2000 800.00-

004 :01 DR2000 Dr1000 CoCode 1000 800.00

It will be not possible because of the F_BKPF_KOA with the only Account type = S. It required to have also Account type = D + K. If I implement the D and K, the team will be able to post other debtor and creditor, and we do not allowed that.

I saw and tried other authorization object F_KNA1_BED , F_KNA1_GRP ; F_LFA1_BEK ; F_LFA1_GRP ; and activated the authorization field in the vendor/customer master data and populate it, but it does not work. It is required Account type = D + K, and the GLteam can post other debtor/creditor category of that those indicated in the master data, and the authorization object.

How can I implement that, it is my first little project in security and I have an issue.

Thanks.