Function documentationAuthorization Objects

 

The system performs authority checks when a user carries out a budget transfer or runs a budget report. The following authorization objects are used:

  • Budgeting: Account Assignment (F_FMBU_ACC)

  • Cash Budget Management/Funds Management FM Area (F_FICB_FKR)

  • Cash Budget Management/Funds Management Version (F_FMBU_VER)

  • Budgeting: Document Type (F_FMBU_DOC)

Features

Budget Transfers

You use standard authorization object F_FMBU_ACC to control whether a user is allowed to perform budget transfers between different budget chapters (that is, commitment item groups).

You can assign authorization groups for different account assignment elements to this authorization object. You define the required authorization group in the master record of the relevant account assignment element. In this case, you define the authorization group in the master records of the relevant commitment items.

When you define user authorizations in transaction PFCG, you assign the authorization group for the relevant commitment items to the F_FMBU_ACC authorization object in the user’s profile. For more information, see the example below.

The system also performs consistency checks to determine whether the budget transfer is allowed (see Budget Transfer Checks).

Budget Reports

When a user runs a budget report, the system checks if the user is authorized for the specified FM area (authorization object F_FICB_FKR) and budget category and version (authorization object F_FMBU_VER).

When the system has selected the budget data according to the selection criteria, the system checks authorization object F_FMBU_ACC to determine whether the user is authorized to display the relevant account assignment elements in the FM area (that is, funds centers, funded programs, functional areas, funds, commitment items).

The records for which the user is not authorized are deleted from the selected data and are not displayed in the ALV output or in the PDF. The message log for the report provides a list of records that were excluded from the report output due to missing authorization.

For the Overview of Budget Entry Documents (RPAEFM_0105) report, which displays data from selected budget entry documents, the system also checks authorization object F_FMBU_DOC. This authorization object determines whether the user is authorized to display the document type. In this case also, the message log provides a list of records that were excluded from the report output due to missing authorization.

Example

You define the following commitment items and budget chapter assignments:

Commitment Item

Budget Chapter

AA.01

1

BB.01

1

DD.02

2

CC.03

3

You define authorization groups according to the following mapping:

Commitment Item

Budget Chapter

Authorization Group

AA.01

1

AG01

BB.01

1

AG01

DD.02

2

AG02

CC.03

3

AG03

The results are as follows:

  • If you have authorization group AG01 in your profile, you can only transfer budget within budget chapter 1.

  • If you have authorization groups AG01 and AG02 in your profile, you can transfer budget within budget chapters 1 and 2, and between budget chapters 1 and 2.

  • If you have all three authorization groups in your profile, you can transfer budget within each budget chapter and between the budget chapters.