Skip to Content
Jul 22, 2012 at 02:39 PM

Restrict G/L account access


Dear Gurus

We are trying to restrict view access to data on the basis of G/L account for end users via a report which displays following data from
Table BSIS and BSAS

1:Company Code 2:GL Account 3:Acc.Document Number 4:Document Type
5:Cost Center 6:Profit Center 7:Posting Date 8:Document Date

In report we have included Authorization checks for below Authorization objects in order to restrict via G/L account


We have maintained Authorization group in G/L account via Transaction FS00 -->Control data ---> Authorization group.
Authorization group we created via T-code SE56.

We have assigned authorization to test user for the report and above mentioned authorization objects (Say activity 03 and Authorization group ZZZZ ) with a new role and assigned only that role to user.

But when user is executing the report , he is able to see the data from the G/L account which have different Authorization group maintained say YYYY and G/L Account which do not have authorization group assigned to them and hence voilating authorization checks.

We have gone through many SCN threads but did not find satisfactory solution.