An authorization enables you to use certain functions in the SAP System.
Every authorization relates to an authorization object and defines a value or values for each authorization field contained in the authorization object.
Authorizations are grouped into profiles that are entered in the user master record.
The Profile Generator assists you in the creation of profiles. For more information, see Users and Roles (BC-SEC-USR).
In the current account system you use authorization objects for the following areas:
· Means of payment management - checks (PF) (only applies for banks)
· Standing order (only applies for banks)
· Business partner
· General ledger transfer
· Conditions
· Account hierarchy
· Account
· Amount notice
· Holds
· Employee accounts (only applies for banks)
· Periodic tasks
· Product
· Payment order
· Payment items
Along with the application authorizations, the system also checks the following authorizations in the current account system:
· RFC / BAPI
· FI authorizations
· Basis authorizations
It is important to have an overview of the authorization objects provided by SAP and the transactions where authorization objects are used, to enable you to create authorizations and roles.
If you use the Profile Generator to define your authorizations, it automatically selects the authorization objects checked for the transactions that you selected. However, it is still important to know the details of the check made for each authorization object.
Following is an overview of all authorization objects checked in the current account system. This includes not only the current account authorization objects, but also the cross-application authorization objects checked during account transactions, such as basis objects.
Update not provided
The list of authorization objects is kept up-to-date. The lists of field names and activities are not kept up-to-date for the description of each authorization object. See the authorization objects in the system for the up-to-date version. The authorization objects are available in the object class IS_B Industry Solution - Banking. The authorization objects of the business partner are in the object class Cross-Application Authorization Objects.
Objects |
Object |
Field names |
|
B_BUPA_ATT Business partner: Authorization types
|
Activity Authorization type Authorization value (field 1) Authorization value (field 2) |
B_BUPA_GRP Business partner: Authorization groups
|
Activity Authorization group |
|
B_BUPA_FDG Business partner: Field groups
|
Activity Field group for authorization |
|
B_BUPA_RLT Business partner: BP roles
|
Activity Business partner role category |
|
Activities |
01 Add or create 02 Change 03 Display |
|
Transaction Check |
· The system checks the authorization objects during editing of business partner master data. · In the authorization object B_BUPA_FDG, the system only checks the activities 02 or 03. This authorization object is not checked during creation of a business partner. |
Objects |
Object |
Field names |
|
F_CASH_BKA BCA Means of payment management: Bank area
|
Activity Bank area |
F_CASH_ATT BCA Means of payment management: Authorization types
|
Activity Authorization type Authorization value (field 1) Authorization value (field 2) |
|
F_CASH_BPG BCA Means of payment management: Authorization group according to BP
|
Activity Authorization group |
|
F_CASH_ACG BCA Means of payment management: Authorization group according to account
|
Activity Authorization group |
|
F_CASH_PRG BCA Means of payment management: Authorization group according to product (new for 4.02) |
Activity Authorization group |
|
F_CASH_TYP BCA Means of payment management: Position type
|
Activity Means of payment position type |
|
Activities |
01 Add or create 02 Change 03 Display 05 Lock 06 Delete 43 Release |
|
Transaction Check |
The system checks the authorization objects during check (PF) processing: · Create check (checking of activity 01) · Request check (checking of activity 02) · Lock check (checking of activity 05) · Process lock (checking of activity 05) · Display check (checking of activity 03) · Delete check (checking of activity 06) · Reassign check (checking of activity 02) There is an additional check in check (PF) stack management: · Create check stack (checking of activity 01) · Request check stack (checking of activity 01) · Issue checks (checking of activity 01) · Display check stack (checking of activity 03) · Release check stack (checking of activity 43) · Lock check stack (checking of activity 05) · Unlock check stack (checking of activity 05) · Delete check stack (checking of activity 06) · Create check stack locations (checking of activity 01) · Maintain check stack locations (checking of activity 01) |
|
Notes |
· Specify the position types maintained in Customizing as means of payment position types. · The authorization objects for authorization groups F_CASH_BPG, F_CASH_ACG; and F_CASH_PRG are not checked during creation, requesting, releasing, unlocking, locking, and deletion of check stacks during creation and maintenance of check stack locations as in these transactions no one individual account is known from which the system can derive the authorization group required for the check. · For the display of check stacks, the system only checks the specified authorization objects for authorization groups in the case of issued checks (PF), since the account is known. |
Objects |
Object |
Field names |
|
F_STOR_BKA BCA Standing order: Bank area |
Activity Bank area |
F_STOR_ATT BCA Standing order: Authorization types |
Activity Authorization type Authorization value (field 1) Authorization value (field 2) |
|
F_STOR_GRP BCA Standing order: Authorization group (new for 4.03) |
Activity Authorization group |
|
F_STOR_BPG BCA Standing order: Authorization group according to BP |
Activity Authorization group |
|
F_STOR_ACG BCA Standing order: Authorization group according to account |
Activity Authorization group |
|
F_STOR_PRG BCA Standing order: Authorization group according to product |
Activity Authorization group |
|
F_STOR_FDG BCA Standing order: Field groups |
Activity Field group for authorization |
|
Activities |
01 Add or create 02 Change 03 Display 06 Delete 22 Enter, transfer, assign (new for 4.62_10, SP 01) 43 Release (new for 4.03) |
|
Transaction Check |
· The system checks the authorization objects during standard order processing (create, change, delete, display, and release). · In the authorization object F_STOR_FDG, the system only checks the activities 02 or 03. · Activity 22 is checked during the creation of standing orders from account maintenance. · The system checks activity 43 during release of standing orders and during release of deletion as part of the principle of dual control. |
Objects |
Object |
Field names |
|
F_GLRE_BKA BCA General ledger reconciliation: Bank area (new for 4.02) |
Bank area |
Transaction Check |
· The system checks authorization object F_GLRE_BKA in the reconciliation and statement reports for general ledger transfer. This means you can control the general ledger reconciliation by bank area. |
Objects |
Object |
Field names |
|
F_GLVA_BKA General ledger individual value adjustment: Bank area (new for 4.03) |
Activity Bank area |
|
F_GLVA_BPG General ledger individual value adjustment: Business partner (new for 4.61) |
Activity Authorization group |
|
F_GLVA_ACG General ledger individual value adjustment: Account (new for 4.61) |
Activity Authorization group |
|
F_GLVA_PRG General ledger individual value adjustment: Product (new for 4.61) |
Activity Authorization group |
Activities |
01 Add or create 02 Change 03 Display |
|
Transaction Check |
· The system checks the authorization objects during creation, display, and change of value adjustments. |
Objects |
Object |
Field names |
|
F_GLLO_BKA General ledger - loss on receivables: bank area (new for 4.03) |
Activity Bank area
|
|
F_GLLO_ACG General ledger - loss on receivables: Account (extended from 4.61) |
Activity Authorization group |
Activities |
10 Post |
|
Transaction Check |
· The system checks the authorization objects when a loss on receivables is posted. |
Objects |
Object |
Field names |
|
F_COND_ATT BCA Conditions: Authorization types |
Activity Authorization type Authorization value (field 1) Authorization value (field 2) |
F_COND_ITP BCA Conditions: Individual conditions condition category (new for 4.02) |
Activity Condition category |
|
F_COND_COA BCA Conditions: Condition area |
Activity Condition area |
|
F_COND_TYP BCA Conditions: Condition category |
Activity Condition category |
|
F_COND_BDC BCA Conditions: Retroactive condition change (New in EA-FINSERV 200) |
Activity Condition area Condition type |
|
Activities |
01 Add or create 02 Change 03 Display 06 Delete 43 Release (not for individual conditions) 78 Assign (not for individual conditions) |
|
Transaction Check |
· The system checks the authorization objects during the editing of conditions (create, change, display, delete, and release) and during assignment of conditions to a condition group. ·
In
the transactions for the maintenance of standard conditions, the system checks
the following objects: ·
When you maintain individual conditions, the system
only checks authorization object · When you maintain individual conditions, the system also checks authorization object F_COND_BDC BCA Conditions: Retroactive condition changes. The system only checks the activities 02, 06 and 43. |
Objects |
Object |
Field names |
|
F_ACHY_BKA BCA Account hierarchy: Bank area |
Activity Bank area |
Activities |
01 Add or create 02 Change 03 Display 06 Delete |
|
Transaction Check |
The system only checks this authorization object during editing or displaying of account hierarchies. |
Objects |
Object |
Field names |
|
F_BKKA_BKA BCA Account: Bank areas |
Activity Bank area |
F_BKKA_ATT BCA Account: Authorization types |
Activity Authorization type Authorization value (field 1) Authorization value (field 2) |
|
F_BKKA_BPG BCA Account: Authorization group according to BP |
Activity Authorization group |
|
F_BKKA_PRG BCA Account: Authorization group acc. to product (new for 4.02) |
Activity Authorization group |
|
F_BKKA_GRP BCA Account: Authorization groups |
Activity Authorization group |
|
F_BKKA_FDG BCA Account: Field groups |
Activity Field group |
|
F_ACCL_ACT BCA Account closure: Activity (New in EA-FINSERV 100) |
Activity |
|
F_BKKA_RCT BCA Account: Reactivate (New in EA-FINSERV 100) |
Activity Authorization group |
|
F_TD_CORR BCA Fixed-Term Deposit Account: Change |
Activity |
|
F_BKKA_GSB BCA Account: Business area (New in EA-FINSERV 200) |
Activity Business area |
|
Activities |
01 Add or create 02 Change 03 Display 23 Maintain 43 Release |
|
Transaction Check |
· The system checks the authorization objects in the transactions for the maintenance and display of the account master record. · There is also a check in the following reports (periodic tasks): ¡ Report: Account locks ¡ Report: Limit editing ¡ Report: List of limits to be released ¡ Report: Balance list ¡ Report: Overdraft list ¡ Account overview for currency changeover ¡ Reference account list · In the reports mentioned, the system checks only the objects F_BKKA_BKA, F_BKKA_ATT, F_BKKA_BPG and F_BKKA_GRP. The system does not check object F_BKKA_FDG (field groups). · In the Limits to be Released, the system checks activity 43 (release). In all other reports, the system checks activity 03 (display). · In all reports that access the logical database, the system always makes an authorization check of the objects F_BKKA_BKA; F_BKKA_ATT, F_BKKA_BPG, and F_BKKA_GRP. This applies particularly for customer programs. In the logical database, the system checks activity 03 (display). · The authorization object F_ACCL_ACT is checked when you call up the list Account Closure: Release. This enables you to provide certain users with either read only or change access to the release list. · The authorization object F_BKKA_RCT is checked when you reactivate an account by using the F9K2 transaction Change Account. In addition, the system checks the following programs: ¡ RFKBCLOSUREUNDO: Activate closed accounts ¡ RFBKCLOSUREUNDO: Reset account closure, single run · The authorization object F_BKKA_GSB is checked when you display, create, or change the business area in the account master data. · The activity 23 (Maintain) is checked only in the authorization objects F_BKKA_BPG, F_BKKA_GRP, and F_BKKA_PRG. · The authorization object F_TD_CORR is checked when you change the values for a fixed-term deposit account that has already been fixed. |
|
Notes |
· Activity 43 (release) relates to the releasing of limits on the account. · In change mode, the system checks the objects on the initial screen for an account and when an account is saved. · In create mode, the authorization values and authorization groups of the account do not yet exist on the initial screen. The system does not check these until the account is saved (except bank area). · In the authorization object F_BKKA_FDG, the system only checks the activities 02 and 03. |
Objects |
Object |
Field names |
|
F_NTC_ACT_BCA Notice: Activities in each bank area (New in EA-FINSERV 200) |
Activity Bank area |
F_NTC_GRP Notice: Authorization for each group (New in EA-FINSERV 200) |
Activity Authorization group |
|
F_NTC_PER BCA Notice: Change notice period |
Activity |
|
F_NTC_AMT BCA Notice: Change notice amount |
Activity |
|
Activities |
01 Add or create 02 Change 03 Display 06 Delete 43 Release |
|
Transaction Check |
The F_NTC_ACT authorization object is checked when you create, change, delete, or release amount notices. The system uses the authorization object F_NTC_GRP to check whether the user can process a certain activity according to the authorization group. This depends on the settings in Customizing under Authorization Management ® Amount-Dependent Authorization ® Maintain Amount Limit for Notice. The system checks the authorization objects F_NTC_PER and F_NTC_AMT when you change the period and amount for an amount notice. |
Object |
Object |
Field names |
|
F_HOLD_ACT BCA Hold: Authorization group (New in EA-FINSERV 200) |
Activity Authorization group |
Activities |
01 Add or create 02 Change 03 Display 06 Delete 43 Release (new for EA-FINSERV 500) |
|
Transaction Check |
The system uses the authorization object F_HOLD_ACT to check whether the user can use the Create, Change, Display, Delete, or Release activity for holds according to the authorization group. This depends on the settings in Customizing under Authorization Management ® Amount-Dependent Authorization ® Maintain Amount Limit for Holds. |
Employee accounts constitute a special type of account.
Employees have online access to their own account. This access must be protected by authorizations, so that an employee may access his/her own account.
Not only must access to the account master data be protected, but also the posting and processing of payment items, payment orders, and standing orders.
An account is considered to be an employee account if the account holder assigned to the account or the assigned authorized drawer is identified in the master record as an employee.
The business partner master record contains a User Name field for this identification, in which the SAP user name of the employee is entered.
Additionally, the account may not be defined as AND (joint) account and the product assigned to the account must have the Employee Account feature.
The display of the buttons for calling up other functions during payment item processing and payment orders for employee accounts depends on the authorization of the employee. For example, an employee who does not have authorization for reversing a payment item posted on his/her employee account does not have the corresponding button displayed.
SAP delivers the B_BKKA_EMP profile as an example of employee accounts.
Objects |
Object |
Field names |
|
F_EMAC_MTH BCA Employee accounts: Allowed methods (new for 4.02) |
Object methods for authorization, employee accounts |
|
F_EMAC_FDG BCA Employee accounts: Field groups on the account (new for 4.02) |
Field group |
|
F_EMAC_TRN BCA Employee accounts: Transaction types (new for 4.02) |
Transaction type |
Object methods |
00010002 Change account 00010003 Display account 00010008 Display account change documents 10000001 Create payment item 10000002 Change payment item 10000003 Display payment item 10000006 Delete payment item 10000008 Display payment item change documents 10000010 Post payment item 10000039 Check payment item 10000043 Release payment item 10000077 Park payment item 10000085 Reverse payment item 10000101 Transfer post payment item 10000102 Force payment item posting/ Force return 10000103 Return payment item 10000104 Reject payment item 10001001 Assign names to payment item direct debit order 10001002 Assign names to payment item account callup check 10010001 Create payment order 10010002 Change payment order 10010003 Display payment order 10010006 Delete payment order 10010008 Display payment order change documents 10010010 Post payment order 10010039 Check payment order 10010043 Release payment order 10010077 Park payment order 10010085 Reverse payment order 10010102 Force payment order posting 10010103 Post payment order return order 00010105 Reactivate account 00011200 Assign account to product 10020001 Standing order (only applies for banks) 10020002 Change standing order (only applies for banks) 10020003 Display standing order (only applies for banks) 10020006 Delete standing order (only applies for banks) 11000001 Create check (only applies for banks) 11000003 Display check (only applies for banks) 11000005 Lock check (only applies for banks) 11000006 Delete check (only applies for banks) |
|
Transaction Check |
The system checks the object in all transactions described by the above object methods. An employee may only access his/her account if his/her profile contains the corresponding object method. You need to activate the Post Payment Item/Order Object methods simultaneously for the Force Payment Item Posting/Force Return/Force Payment Order Posting respectively. You can use the authorization object Employee Accounts: Field groups on the account to restrict the view of the employee account to certain field groups. If, for example, you want to prevent a bank employee from seeing his/her own internal limit, you do not give him/her authorization for those field groups containing the internal limit. If this employee is to be able to see all other fields, you must issue him/her authorization for all other field groups. For the creation and changing of payment items, payment orders, and standing orders for the account of a bank employee, the user also requires authorization for the corresponding transaction type. The system checks these three authorization objects for employee accounts only (see above for definition). However, in the case of employee accounts, the system does not check the other authorization objects for an account. F_BKKA_BKA BCA Account: Bank areas F_BKKA_ATT BCA Account: Authorization types F_BKKA_BPG BCA Account: Authorization group according to BP F_BKKA_GRP BCA Account: Authorization groups F_BKKA_FDG BCA Account: Field groups |
Objects |
Object |
Field names |
|
F_PAOR_BKA BCA Payment order: Bank area |
Activity Bank area |
F_PAOR_ATT BCA Payment order: Authorization types |
Activity Authorization type Authorization value (field 1) Authorization value (field 2) |
|
F_PAOR_GRP BCA Payment order: Authorization group |
Activity Authorization group |
|
F_PAOR_BPG BCA Payment order: Authorization group according to BP |
Activity Authorization group |
|
F_PAOR_ACG BCA Payment order: Authorization group according to account |
Activity Authorization group |
|
F_PAOR_PRG BCA Payment order: Authorization group according to product |
Activity Authorization group |
|
Activities |
01 Add or create 02 Change 03 Display 06 Delete 10 Post 43 Release 85 Reverse L0 All functions |
|
Transaction Check |
· The system checks the authorization objects when you post, change, and display payment orders, and also during their release (principle of dual control). · During posting the system checks activity 01. Object F_PAOR_GRP is an exception, whereby the system checks activity 10 (post) when you enter a posting. · Activity Release (43) relates here to the releasing of payment orders with the status Control, principle of dual control. · The system only checks the objects for payment items during the manual processing of payment orders. This means that these authorization objects are not checked during the automatic creation of payment orders (standing order posting and cash concentration). |
|
Notes |
· The system checks the ordering party item only. The recipient item is not checked. |
Objects |
Object |
Field names |
|
F_PAIT_BKA BCA Payment item: bank area |
Activity Bank area |
F_PAIT_BDA BCA Payment item: Backdated payment items |
Activity |
|
F_PAIT_ATT BCA Payment item: authorization types |
Activity Authorization type Authorization value (field 1) Authorization value (field 2) |
|
F_PAIT_GRP BCA Payment item: authorization group |
Activity Authorization group |
|
F_PAIT_BPG BCA Payment item: authorization group acc. to BP |
Activity Authorization group |
|
F_PAIT_ACG BCA Payment item: authorization group acc. to account |
Activity Authorization group |
|
F_PAIT_PRG BCA Payment item: authorization group acc. to product |
Activity Authorization group |
|
Activities |
01 Add or create 02 Change 03 Display 06 Delete 10 Post 43 Release 85 Reverse A1 Postpone L0 All functions |
|
Transaction Check |
The system checks the objects during posting, changing, displaying, reversing, and returning of payment items and also during release (principle of dual control). The system does not check the authorization objects during posting of payment orders for payment items (F_PAIT_*). |
|
Notes |
· During posting, the system checks activity 01 Add or Create. Objects F_PAIT_GRP and F_PAIT_BDA are exceptions whereby during posting, the system checks activity 10 (post). · Activity Release (43) relates to the releasing of items with the status Principle of Dual Control. · For the final posting of items in post processing, however, you only need activity Change (02). · The system only checks activity Add or Create during manual posting of payment items. This means that there is no check of this authorization object during the automatic creation of payment items (for example, as part of balancing). · The system checks activity Postpone (A1) when payment items are returned. · The system checks the All Functions activity (L0) when an entry is made by choosing Payment Item ® Edit ® Special ® All Activities. · During creation, display, and deletion of planned items the system checks the Add or Create (01), Display (03), or Delete (06) activities. |
Objects |
Object |
Field names |
|
F_PAYM_ACT additional activity checks for payment items/orders (New in EA-FINSERV 500) |
Activity |
Activities |
86 Transfer post 89 Force posting |
|
Transaction Check |
This object is used for checking the authorization to force the posting of a payment item or payment order, and the authorization for transfer posting a posted payment item. |
Objects |
Object |
Field names |
|
F_PERI_ACT BCA Periodic tasks: Activity (simulation update run) (new for 4.02) |
Bank area Activity Object method |
Activities |
16 Execute 48 Simulate |
|
Transaction Check |
· The system only checks this authorization object in those periodic tasks in which there is a distinction between a simulation and an update run. You use the object
method to control the reports in which the authorizations for update and
simulation runs are to apply. Details of these include: 00020200 Cash concentration: Single run (new) 00020201 Cash concentration: Mass run (new) 00020202 Restart cash concentration 12000200 Account balancing: Single run (new) 12000201 Account balancing: Mass run (new) 12000203 Account balancing: Single run (restart) 12000204 Account balancing: Mass run (restart) 12000205 Early account balancing: Single run 12000206 Early account balancing: Mass run 12000207 Prepare early account balancing 12010200 Bank statement: Single run (new) 12010201 Bank statement: Mass run (new) 12010202 Restart bank statement 12010208 Bank statement duplicate: Single run 12010209 Bank statement duplicate: Mass run 12020200 Balance notification: Single run 12020201 Balance notification: Mass run 12020202 Restart balance notification 13000002 Set posting date 13001004 Change posting date batch 20001100 General ledger interest accrual/deferral (new) 20001101 General ledger interest accrual/deferral (restart) 20001102 General ledger balance sheet preparation 20001104 General ledger transfer FI 20001105 General ledger legacy data transfer 20001106 General ledger post individual value adjustment |
|
Notes |
· You can use the authorization object, for example, to give a user the authorization to start a program as a simulation run, but not as an update run. In this case the user would only have authorization for activity ‘48’. · The object replaces the authorization objects used in earlier releases: F_CLOS_BKA BCA Balancing: Bank area F_PYPD_BKA BCA Posting date: Bank area · In object method 12000207 (prepare early account balancing) the system only checks the Execute activity, since there is no simulation in this case. |
Objects |
Object |
Field names |
|
F_PROD_GRP BCA/FIPR Product: Authorization groups (new for 4.02) |
Activity Authorization group |
Activities |
01 Add or create 02 Change 03 Display |
|
Transaction Check |
The system only checks authorization object F_PROD_GRP during maintenance of products in the Product Configurator. |
The system checks the RFC authorizations listed below in Bank Customer Accounts (BCA) in addition to the application authorizations described.
The system only checks these authorization objects in the BAPIS (= RFC modules) which you can, for example, use to read account turnovers, request checks, or read account master data.
In this way, external access to data managed in the current account system is also subject to authorization protection.
The system does not check the described application authorization objects of the current account system when a BAPI is called. The following BAPIs involve direct input, during which the system also checks the online entry authorizations:
· BAPI_STANDING_ORDER_CHANGE
· BAPI_STANDING_ORDER_CREATE
· BAPI_BKK_ACCNT_CHANGE
· BAPI_BKK_ACCNT_CREATE
· BAPI_BKK_ACCNT_CREATE_EASY
· BAPI_BKK_STAND_ORDER_CHANGE
· BAPI_BKK_STAND_ORDER_CREATE
· BAPI_BKK_FORWD_ORDER_CREATE
· BAPI_BKK_FORWD_ORDER_CHANGE
RFC authorizations should also be always assigned in profiles for online users, since the RFC authorizations are sometimes also checked online.
The following table provides an overview of the RFC authorizations. It shows in which BAPIs the RFC authorization objects are used and which activities the system checks.
The system checks only the activities listed in the table, not those used in the application authorization objects.
Object |
BAPI |
Activity |
F_CLOS_ACT BCA Balancing: Activity (new for 4.02) |
BAPI_COND_CALC_AFTER_WHTAX BAPI: Condition calculation after calculation of interest income tax in batch mode |
B3 (continue) |
|
BAPI_COND_CLOSE_GET_DATA BAPI: Provide detailed data for account balancing |
03 (display) |
F_CASH_ACT (only applies for banks) BCA Means of payment management: Activity |
BAPI_CHEQUE_ORDER BCA: Request or create checks |
01 (add) |
F_STOR_ACT (only applies for banks) BCA Standing order: Activity |
BAPI_STANDING_ORDER_GET_LIST BAPI: List of standing orders for account |
03 (display) |
BAPI_STANDING_ORDER_GET_DETAIL BAPI: Supplies all data on a standing order |
03 (display) |
|
BAPI_STANDING_ORDER_CHANGE BAPI: Changes a standing order |
02 (change) |
|
BAPI_STANDING_ORDER_CREATE BAPI: Creates a standing order |
01 (add) |
|
BAPI_BKK_STAND_ORDER_CHANGE Change Standing Order |
02 (change) |
|
BAPI_BKK_STAND_ORDER_CREATE Create Standing Order |
01 (create) |
|
BAPI_BKK_STAND_ORDER_DELETE Delete Standing Order |
06 (delete) |
|
BAPI_BKK_STAND_ORDER_GET_DET Read Standing Order |
03 (display) |
|
BAPI_BKK_STAND_ORDER_GET_LIST Standing order get list |
03 (display) |
|
BAPI_STANDING_ORDER_DELETE BAPI: Deletes a standing order |
06 (delete) |
|
F_COND_ACT BCA Conditions: Activity |
BAPI_COND_POST_DECRE_BALANCES Debit/credit amounts + balances for a posting period |
03 (display) |
BAPI_COND_VAL_DECRE_BALANCES Debit/credit amounts + balances for a value date period |
03 (display) |
|
BAPI_COND_DECRE_BAL_POOLS Pool: Debit/credit amounts + balances for a value date period |
03 (display) |
|
BAPI_COND_FORW_EXPENSES_COUNT BAPI: Update dispatch expense counter |
34 (write) |
|
F_ACHY_ACT BCA Account hierarchy: Activity |
BAPI_BANKACCT_GET_HIERARCHY BAPI: Account hierarchy for an account |
03 (display) |
F_BKKA_ACT BCA Account: Activity |
BAPI_BANKACCT_GET_BUPA BAPI: Select business partner for account |
03 (display) |
BAPI_BANKACCT_GET_DETAIL BAPI: Detail data for account |
03 (display) |
|
BAPI_BANKACCT_GET_LIST BAPI: List of accounts for a business partner |
03 (display) |
|
BAPI_BKK_ACCNT_GET_LIST Read Account List for Business Partner |
03 (display) |
|
BAPI_BKK_TC_GET_LIST Total Commitment for a Business Partner in BCA |
03 (display) |
|
BAPI_BANKACCT_GET_LIST_ALL BAPI: List of all accounts for one or more bank keys |
03 (display) |
|
F_BAST_ACT BCA Bank statement: Activity |
BAPI_BANK_STATEMENT_EXEC Bank statement: Newly create bank statement |
01 (add) |
BAPI_BKK_BALNOT_CREATE_SINGLE Create Balance Notification |
01 (create) |
|
BAPI_BANK_STATEMENT_GET Bank statement: Call up created bank statement |
01 (add) |
|
F_PAIT_ACT BCA Payment item: Activity |
BAPI_PAYM_ITEM_POST_CLEARING/ Check and post the routing payment items. |
10 (post) |
BAPI_PAYM_ITEM_POST_ITEM/ Post turnover. |
10 (post) |
|
BAPI_PAYM_ITEM_POST_RECEIVER/ Check and post the recipient payment items. |
10 (post) |
|
BAPI_PAYM_ITEM_POST_SENDER/ Check and post the payment items of the ordering party. |
10 (post) |
|
BAPI_PAYM_ITEM_GET_LIST BAPI: List of turnovers |
B1 (display turnovers) |
|
F_PAIT_ACG BCA Payment Item: Authorization Group According to Account |
BAPI_BKK_ACCNT_GET_ITEM_LIST Get Payment Items for an Account |
03 (display) |
F_PAOR_ACT BCA Payment order: Activity (new for 4.03) |
BKK_RFC_PAYM_ORDER_POST Post payment order |
10 (post) |
BAPI_BKK_FORWD_ORDER_CHANGE Forward order change |
02 (change) |
|
BAPI_BKK_FORWD_ORDER_CREATE Forward order create |
01 (create) |
|
BAPI_BKK_FORWD_ORDER_DELETE Forward order delete |
06 (delete) |
|
BAPI_BKK_FORWD_ORD_GET_LIST Forward order get list |
03 (display) |
|
BAPI_BKK_FORWD_ORD_GET_DETAIL Forward order get detail |
03 (display) |
|
F_BKKA_BKA BCA Account: Bank Areas |
BAPI_BKK_ACCNT_CLOSURE Close Account |
02 (change) |
BAPI_BKK_ACCNT_GET_AV_AMOUNT Get Available Amount |
03 (display) |
|
BAPI_BKK_ACCNT_GET_BALANCE Read Balances of Customer Account |
03 (display) |
|
BAPI_BKK_ACCNT_GET_DETAIL Read Account Details |
03 (display) |
|
BAPI_BKK_ACCNT_GET_LIST Read Account List for Business Partner |
03 (display) |
|
F_BKKA_GRP BCA Account: Authorization Groups |
BAPI_BKK_ACCNT_CLOSURE Close Account |
02 (change) |
BAPI_BKK_ACCNT_GET_AV_AMOUNT Get Available Amount |
03 (display) |
|
BAPI_BKK_ACCNT_GET_BALANCE Read Balances of Customer Account |
03 (display) |
|
BAPI_BKK_ACCNT_GET_DETAIL Read Account Details |
03 (display) |
|
BAPI_BKK_ACCNT_GET_LIST Read Account List for Business Partner |
03 (display) |
|
F_BKKA_BPG BCA Account: Authorization Groups |
BAPI_BKK_ACCNT_CLOSURE Close Account |
02 (change) |
BAPI_BKK_ACCNT_GET_AV_AMOUNT Get Available Amount |
03 (display) |
|
BAPI_BKK_ACCNT_GET_BALANCE Read Balances of Customer Account |
03 (display) |
|
BAPI_BKK_ACCNT_GET_DETAIL Read Account Details |
03 (display) |
|
BAPI_BKK_ACCNT_GET_LIST Read Account List for Business Partner |
03 (display) |
|
F_BKKA_PRG BCA Account: Authorization Group According to Product |
BAPI_BKK_ACCNT_CLOSURE Close Account |
02 (change) |
BAPI_BKK_ACCNT_GET_AV_AMOUNT Get Available Amount |
03 (display) |
|
BAPI_BKK_ACCNT_GET_BALANCE Read Balances of Customer Account |
03 (display) |
|
BAPI_BKK_ACCNT_GET_DETAIL Read Account Details |
03 (display) |
|
BAPI_BKK_ACCNT_GET_LIST Read Account List for Business Partner |
03 (display) |
Authorization needs to be checked in the target system (FI).
In the Reconciliation to Reconciliation Key and Reconciliation to FI Document reports, the system checks the objects F_BKPF_KOA and F_BKPF_BUK with activity 03.
S_PROGRAM ABAP: Program process flow checks
Objects |
Object |
Field names |
|
S_PROGRAM Run programs
|
User action ABAP/4 program Authorization group ABAP/4 program |
Transaction Check |
You can issue authorizations for reports and evaluations in the periodic tasks with authorization object S_PROGRAM. Outside of the Periodic Tasks menu there is no check of this authorization object. Decisive for the check are the authorization groups assigned to the standard reports. Displaying the application logs is not protected by authorization object S_PROGRAM. You can protect these by using authorization object S_APPL_LOG (see application log) (see below). You can use this authorization object to issue authorizations for starting reports in BCA. Since the system also calls up reports at certain points, it is recommended that you transfer the authorization to the basis authorizations. The object consists of the following fields: ·
Authorization group ABAP program (P Group) The current account system uses the following authorization groups: (see table TPGP) F_002 DELETE/ARCHIVE/RELOAD F_B00 BALANCING REPORTS F_B01 POSTING DATE PAYMENT TRANSACTIONS F_B02 TRANSFER GENERAL LEDGER F_B01 POSTING DATE BALANCING F_B04 INTEREST ACCRUAL/DEFERRAL F_B05 ACCOUNT BALANCING F_B06 CASH CONCENTRATION F_B07 BANK STATEMENT F_B08 LIMITS F_B09 PRINCIPLE OF DUAL FOR CONTROL CURRENCY CHANGEOVER F_B10 STANDING ORDER F_B11 INFO SYSTEM ACCOUNT F_B12 END-OF-DAY PROCESSING F_B13 INDIVIDUAL CONDITIONS F_BCORR ADJUSTMENT PROGRAMS BCA F_BPERF PERFORMANCE SETTINGS ·
User action ABAP/4 program |
|
Notes |
The object is in the Basis - Development Environment object class. |
From the following table you can see which authorization groups the system checks in the individual reports. (Table TRDIR, field SECU):
Authorization group |
Description |
Reports |
F_002 |
Archiving |
Checked in all BCA archiving reports · Archive programs · Delete programs · Reload programs · Read programs |
F_B00 |
Account closure |
· Account closure |
F_B01 |
Posting date PT |
· Posting date payment transactions online · Posting date payment transactions batch |
F_B02 |
Transfer general ledger |
· General ledger transfer · Balance sheet preparation · Balance sheet preparation (backdated) · All general ledger statement and reconciliation reports |
F_B03 |
Posting date balancing |
· Posting date balancing · Posting date balancing batch |
F_B04 |
Interest accrual/deferral |
· Interest accrual/deferral · Statement interest accrual/deferral · Restart |
F_B05 |
Account balancing |
· Individual balancing · Mass balancing · Restart individual balancing · Restart mass balancing · Interest scale list · Output of balanced accounts · Individual early balancing · Mass early balancing |
F_B06 |
Cash concentration |
· Cash concentration · Restart cash concentration |
F_B07
|
Bank statements |
· Start / restart bank statements · Bank statement on request · Duplicate creation |
F_B08 |
Limits |
· Release / delete / display limits |
F_B09 |
Currency changeover |
· Release / delete currency changeover |
F_B10 |
Standing order |
· Posting standing orders (only applies for banks) |
F_B11 |
Information system accounts |
· Balance list · Check (PFlocks (only applies for banks) · Reference account list · Overdraft list · Tolerated overdrafts · Account locks · Balance list · Reference account list · Interest accrual/deferral detail statement |
F_B12 |
End-of-day processing |
· Overview mass runs · Start end-of-day processing · Status overview of end-of-day processing · Accounts locked by end-of-day processing · Accounts locked by individual balancing |
F_B13 |
Individual conditions |
· Processing individual conditions (release / display) |
F_BCORR |
Adjustment programs |
· Various adjustment reports |
F_BPERF |
Performance settings |
· Settings to improve performance |
S_BTCH_ADM Batch processing: Batch administrator
Objects |
Object |
Field names |
|
S_BTCH_ADM Batch processing: Batch administrator |
Identification for batch administrator |
Transaction Check |
The system checks object S:BTCH_ADM during the periodic tasks (account balancing, archiving, and so on). There is a check for Identification for batch administrator =Y. |
|
Notes |
The object is in the Basis – Administration object class. |
S_BTCH_JOB Batch processing: Operations in batch jobs
Objects |
Object |
Field names |
|
S_BTCH_JOB Batch processing: Operations in batch jobs
|
Operations in a batch job Summarization of jobs |
Transaction Check |
The system checks the S:BTCH_JOB object during the periodic tasks (account balancing, archiving, and so on). There is a check for the RELE operation. The job group is blank. |
|
Notes |
The object is in the Basis – Administration object class. |
S_APPL_LOG Read application log
Objects |
Object |
Field names |
|
S_APPL_LOG Read BCA application log |
Activity Application log: Object name Application log: Subobject |
Activities |
03 Display |
|
Transaction Check |
· In the current account system, this object is checked when the application logs are displayed. · FIBA is checked as object name. · Depending on the log, the following abbreviations are checked as sub-object: (entries from table BALSUBT) BAACCHCURR Currency changeover BAACCRUAL Interest accrual/deferral BAACCTCLOS Account closure BAACTCL Account balancing BABKSTAT Bank statement BABSPREP Balance sheet preparation BABSPREPOLD Balance sheet preparation (backdated) BACLEARING Account clearing / cash concentration BAGLTRANS Transfer FI BAPYTREXT Externally initiated payment transactions BAPYTRINT Internally initiated payment transactions BASTORMN Maintain standing orders BASTPOCR Process standing orders |
|
Notes |
· The object is in the Basis - Central Functions object class. |
S_ARCHIVE Run archiving
Objects |
Object |
Field names |
|
S_ARCHIVE Run BCA archiving
|
Activity Work area Archiving object |
Activities |
01 Add or create 02 Change 03 Display |
|
Transaction Check |
The system checks authorization object S_ARCHIVE in the reports on the archiving of BCA objects.
The activities are checked as follows: ·
01
Everything allowed:
· 02 Change mode in archive management · 03 Reading and evaluation of archives (ARCHIVE_OPEN_FOR_READ) and also display mode in archive management
The following archiving objects are checked: · FIBA_BKST Bank statement · FIBA_CFBAL Balance carry forward · FIBA_INCAL Account balancing detail data · FIBA_ITEM Payment items · FIBA_ORDER Payment orders · FIBA_PECAL Account balancing data · FIBA_STORD Standing orders · FIBA_TOTAL Value date transaction figures
The checked work area is ‘FI’. |
|
Notes |
The object is in the Basis – Administration object class. |
S_TABU_DIS Table maintenance (using standard tools such as SM31)
Objects |
Object |
Field names |
|
S_TABU_DIS Table maintenance (using standard tools such as SM31) |
Activity Authorization group |
Activities |
01 Add or create 02 Change 03 Display |
|
Transaction Check |
With authorization object S_TABU_DIS you can set up authorizations for Customizing, meaning the maintenance of the configuration tables in the IMG:
The tables that you maintained when you configured the component are grouped for the authorization assignment by being assigned with an authorization group. You use this authorization group to assign authorizations to specific areas of Customizing. The authorization groups relevant for Customizing are arranged similarly to the IMG.
|
|
Notes |
The following authorization groups are used in BCA Customizing:
BUPC BUPA: Customizing business partner BUPS BUPA: Control business partner (events) FB01 FI-BA: Conditions FB02 FI-BA: Business partner FB03 FI-BA: Account/product FB04 FI-BA: Account hierarchy FBO5 FI-BA: Central object (basic settings) FB06 FI-BA: General ledger FB07 FI-BA: Balancing FB08 FI-BA: Control (events) FB09 FI-BA: Means of payment management (checks (PF) and so on) FB10 FI-BA: Account management FB11 FI-BA: Parallel processing FB12 FI-BA: Current settings FB13 FI-BA: Limit categories FB14 FI-BA: In-house bank FB15 FI-BA: Archiving FB16 FI-BA: Amount authorizations
Do not give ordinary processing staff, meaning users without Customizing authorization, authorization for S_TABU_DIS.
The object is in the Basis – Administration object class. |
S_RFC Authorization check for RFC access
Objects |
Object |
Field names |
|
S_RFC Authorization check for RFC access |
Activity Name of the RFC object to be protected (name of the function group) Category of the RFC object to be protected (FUGR) |
Activities |
16 Execute |
|
Transaction Check |
· The system checks authorization object S_RFC during general ledger transfer with ALE connection, in other words, only if the external transfer per RFC has been activated. · In the case of external general ledger linkage per ALE, the system also makes an authorization check during call up of the FI reconciliation report (Periodic Tasks ® Information System ® General Ledger). |
|
Notes |
· Authorization object S_RFC is in the Cross-Application Authorization Objects object class. |