We are trying to restrict view access to data on the basis of G/L account for end users via a report which displays following data from
Table BSIS and BSAS
1:Company Code 2:GL Account 3:Acc.Document Number 4:Document Type
5:Cost Center 6:Profit Center 7:Posting Date 8:Document Date
In report we have included Authorization checks for below Authorization objects in order to restrict via G/L account
1 F_BKPF_BES 2 F_SKA1_BES
We have maintained Authorization group in G/L account via Transaction FS00 -->Control data ---> Authorization group.
Authorization group we created via T-code SE56.
We have assigned authorization to test user for the report and above mentioned authorization objects (Say activity 03 and Authorization group ZZZZ ) with a new role and assigned only that role to user.
But when user is executing the report , he is able to see the data from the G/L account which have different Authorization group maintained say YYYY and G/L Account which do not have authorization group assigned to them and hence voilating authorization checks.
We have gone through many SCN threads but did not find satisfactory solution.