on 11-12-2010 3:17 PM
I am in need to EXCLUDE a specific G/L account from being selected, from the drop down list, when executing FB60 (Enter Vendor Invoice) to create a new vendor invoice ?
1) Is this doable ?
2) Could this be done programmatically (ABAP team) ?
3) Could this be done at Security Role level (Basis & Security ABAP team) ?
Thank you in advance!
Best regards,
Tom
Moderator: Validation will be a solution post-factum - user won't be able to post against this GL, but it still could be selected. Please, search SDN: these questions have been asked before
Dear Tom,
if You define the authorization Group into transaction FS00 --> Control data, the relevant authorization object will be F_BKPF_BES. If You define the authorization into Your vendor master data (LFB1-BEGRU), the relevant authorization object will be F_BKPF_BEK.
I hope this can help You.
Mauri
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Amuri, thank you for your reply!
YES, we define the authorization Group via FS00 --> Control data, which means the relevant authorization object will be F_BKPF_BES.
As I said earlier, the corresposing field will be BRGRU and and not BEGRU.
Then the question is, WHICIH AUTHORIZATION GROUP DO I SET, for the value of BRGRU, there are thousands !!
Best regards,
Tom
Hi,
As per my knowledge, easiest and best solution is USE VALIDATION. 2nd option I see is using enhancements, we can perform this. Fot enhancements option, you need to contact your ABAPer.
Sudhaker
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Just block that GL account for postings in GL master record.
Thanks
Z.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Tom,
yes, Your idea is correct; so please use the field BEGRU to exclude a G/L account to be selected.
The only thing I can add is that the SAP Standard System does not check the Authorization field empty
(BLANK).
I hope this helps You.
Mauri
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mauri, thank you for your reply!
You meant to say the field BRGRU and not BEGRU, correct ?
Well, that's the Authorization Group authorization object, I thought about it from the beginning, but there are thousands Authorization Groups, which one do I choose, or should I create a new one ?
I am sure this a 'common' request, where people would ask for; I wonder if SAP has already provided a 'solution' for it.
Best regards,
Tom
Hi Tom,
BEGRU is the field name and BRGRU is the data element.
BEGRU is a freely definable field, so you can enter any value that you like, for Ex: "ZZZZ" and give to your basis team, to give restricted authorization based on this field and value and you will achieve what you want to..
Regards,
SAPFICO
Hi SAPFICO, thank you for your reply!
My Basis/Security team has sent me the following.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
BRGRU is the 'field' from the F_BKPF_BES Authorization Object!
F_BKPF_BES is the 'Accounting Document: Account Authorization for G/L Accounts' Authorization Object.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
What Authorization Object, the field BEGRU, is associated with ?
Best regards,
Tom
Hi Tom,
As I told you in my previous reply, that the field Authorization object in GL master is a freely definable field and you can go to FS00 and write whatever you want in that field and, for Ex: "ZZZZ" and give it to your BASIS team and you can assign this Authorization Object Key ZZZZ in all the Gl's that you want to restrict.
Regards,
SAPFICO
Hi Tom,
It may be doable from the BASIS side. But the abap program is too much of work that you are thinking for a return of what you want. You can restrict the user for a transacton code level to do posting aginst those GL account by creating a validation rule.
Paul
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Paul, thank you for your reply!
How do I "restrict the user for a transaction code level to do posting against those GL account by creating a validation rule" ?
The t-code remains the same (FB60).
How can I create a 'validation rule', is it done by an authorization object and then by a security role ?
Should I create authorization groups and add G/L accounts into them ?
Best regards,
Tom
User | Count |
---|---|
99 | |
11 | |
11 | |
6 | |
6 | |
4 | |
4 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.