Skip to Content
author's profile photo Former Member
Former Member

Vendor Authorization using User Role/profile

Hi All,

I know this has ben discussed quite a few number of times , but i'm still having issues with it.

I want to restrict the accounting Information Screen view of vendor Master for some user's

I have a authorization group

LFB1-BEGRU = 'TEST' in Accounting Information Screen on Vendor MASTER and also

LFA1-BEGRU = 'TEST' in Control Screen of Vendor Master Data

If i do a F1 on both above fields i get this

Authorization Group

The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. The authorization groups usually occur in authorization objects together with an activity.


You assign the authorization using authorization object F_LFA1_BEK.

So i figured out that object F_LFA1_BEK along with other objects is already assigned to a role(ztest) , profile for the user that i'm using to test

Maintained Vendor: Change Authorization for Certain Fields  (F_LFA1_AEN)
  Field group                    *

Standard   Vendor: Application authorization (F_LFA1_APP)
   Activity                       Display
   Customer and Vendor Master Dat Financial Accounting

Standard   Vendor: Application authorization *(F_LFA1_APP - Repeated No Idea)*
   Activity                       Display
   Customer and Vendor Master Dat All values

Maintained Vendor: Account Authorization *(F_LFA1_BEK- Point of INTEREST)*
   Activity                       Lock
   Authorization Group            TEST-TEST

Maintained Vendor: Authorization for Company Codes (F_LFA1_BUK)
  Activity                       Display
  Company Code                   *

Standard   Vendor: Central Data      (F_LFA1_GEN)
  Activity                       Display

Maintained Vendor: Account Group Authorization (F_LFA1_GRP)

  Activity                       Display
  Vendor account group           *

I changed the F_LFA1_BEK to LOCK and TEST

let me know if'im missing any trick or step

I don't see the the authorization object and authorization group in TBRG table

I believe i should see an entry like

object                 auth group

If this is what i'm missing let me know how to create a new entry. Tried SM30 Table MAINTENANCE nOT allowed


Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Jul 14, 2011 at 04:08 PM

    Moderator message - Cross post locked Rob

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.