Skip to Content
avatar image
Former Member

Restrict display and posting for specific document types

Hi,

Is it possible to restrict display and posting for specific document types? I want to restrict authorization to SM document type in FS10N, and KSB1 tcode. Please help

Best Regards,

KIRAN.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    Dec 28, 2010 at 08:53 AM

    You can use object F_BKPF_BLA to restrict display and posting access for specific document types.

    The object has following fields:

    Activity (ACTVT)= Input value 03 for display

    Authorization group (BRGRU) = specific document types to be restricted. It can be freely defined by you

    Please change the SU24 check indicator status to "Check/maintain" for this object for tcode FS10N so as to pull the authorization object automatically when these are added to roles in PFCG.

    As per my knowledge, Tcode KSB1 cannot be restricted on Document types but it can be restricted on Vendors (F_BKPF_BEK), Company codes (F_BKPF_BUK) or Account types (F_BKPF_KOA).

    Thanks

    Sandipan

    Add comment
    10|10000 characters needed characters exceeded

  • Dec 28, 2010 at 09:01 AM

    Hi Kiran,

    Sandipan is right that for FI document types the object is F_BKPF_BLA. However for these 2 transaction (FS10N, KSB1) I am doubt whether they check for this object or not. As these transations are for G/L Ac and cost center respectively.

    Regards,

    Arpan Paik

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 28, 2010 at 09:20 AM

    Hi,

    Check the below SAP note:

    Note 150496 - F_BKPF_BLA: Authorization for document types

    Regards,

    Raghu

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Best way to identify the authorization objects based on which you can restrict your tcodes is to execute the tcodes and use its functionalities on different screens extensively (or have a FI functional consultant execute them) in your system (you might need an user id with some wider authorizations) and record the authorization objects being checked while using all the required functionalities within a tcode via a system trace(ST01) then you can put the required field values for those objects in your role via PFCG to match your business requirement.

      Refer[wiki|http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationTraceintransactionST01] for detailed steps of using ST01 trace. Make sure you are on same application server as your user( tcode AL08) and switch app server if required via tcode SM51.

      Also, check tcode SU24 or table USOBT_C for the list of check\maintained authorization objects attached to your tcodes, these objects are inserted into the role when tcodes are added to PFCG role menu.

      Thanks

      Sandipan

      Edited by: Sandipan Choudhury on Dec 28, 2010 9:05 PM

  • avatar image
    Former Member
    Dec 29, 2010 at 09:22 AM

    Thank you experts. I will go through the recommendations

    Add comment
    10|10000 characters needed characters exceeded