Skip to Content
avatar image
Former Member

How to restrict FBL1N only to display access

Hi,

I need some help in restricting access for FBL1N. The requirement is the user should be able to only display the vendor items for the given opcos. I created a test role for this tcode and maintained the activity for all the auth objects to 03. But still user is able to change the vendor details. When ran trace, it was showing the access to Tcode FB02. but not sure how the test user is getting this access as the test role does not contain FB02 and user does not have any other role. Please advise

Regards

Kavitha

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Aug 18, 2011 at 06:35 AM

    Hello,

    did you copy the test user from another user? Check if the user has some separate profiles via the tab Profiles in transaction SU01 that are not belonging to a role.

    regards

    Christian

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Christian,

      Thanks for your response. I did notice that user was assigned SAP_ALL which was the giving the access. It works fine now.

      Regards

      Kavitha

  • avatar image
    Former Member
    Aug 18, 2011 at 08:13 AM

    Hi Kavitha,

    FBL1N internally calls lots of tcodes and FB02 is one among them. Check the table TCDCOUPLES.

    I don't think this restriction is possible only with adding 03 activity for the F_LFA1* and F_BKPF* objects.

    If you check FBL1N in SU24, there are a few other authorization objects that are in check state. You need to make them check maintain and further maintain the activites in the individual roles.

    However, this may impact on the current roles that have FBL1N transaction code.

    Hope this helps!!

    Regards,

    Raghu

    Add comment
    10|10000 characters needed characters exceeded